HackRead
  • January 26th, 2021

Android Banking Trojan Marcher Infects Devices to Steal Payment Cards

February 14th, 2017 | Waqas | Android, Malware, Security

Cyber-security researchers at Securify, a Dutch security firm, have been evaluating the Marcher Android banking Trojan for the past six months. They concluded that Marcher has been active since 2013 and that its attack tactics have evolved ever since. So far, the Trojan has managed to infect thousands of Android devices with a single botnet and has also stolen a considerable number of payment cards. In total, the researchers have discovered nine Marcher botnets.

According to Securify researchers, when the Trojan became active in late 2013 it lured users with Google Play phishing pages to obtain their payment card details. In March 2014, German financial institutions became the primary focus of the attacks, as analysis suggested that a majority of Marcher’s victims were Germany-based banks. By 2016, however, the malware’s target list had grown to over 60 organizations across the United States, United Kingdom, France, Australia, Spain, Poland, Turkey and many other countries. The malware was hidden in apps that were believed to be harmless and reliable, such as Netflix, the Super Mario Run game and the popular messaging app WhatsApp.

Describing the malware, Securify researchers explained: “Marcher is one of the few Android banking Trojans to use the AndroidProcesses library, which enables the application to obtain the name of the Android package that is currently running in the foreground. This library is used because it uses the only (publicly known) way to retrieve this information on Android 6 (using the process OOM score read from the /proc directory).”

Securify researchers have identified nine Marcher botnets; each contains new modules and can perform targeted web injects as directed by the attackers. One of the nine targets banks in France, Austria and Germany and has so far infected over 11,000 devices. Of these, 5,700 were in Germany and 2,200 in France, and the attackers' command and control server has stored 1,300 payment card numbers along with other significant banking data.


Source: Securify

Although most of the devices infected by Marcher were running Android 6.0.1, over 100 infected devices were running Android 7.0. Marcher works by first inspecting the apps enabled by the victim; if a targeted app is identified, it displays an overlay screen to deceive the victim and obtain sensitive information.

Bot amount according to Android versions

The malware can also avoid detection or removal by security products by blocking mobile antivirus applications. Around seven months ago, researchers noted that Marcher was able to block eight antivirus apps; according to the latest analysis, it can block over two dozen.

