- Jul 22, 2014
It starts with a phishing attack over SMS, continues with a bad app, and ends with your stolen bank account
Android-targeting banking Trojan Marcher is on the rise, infecting devices via a phishing attack using SMS/MMS, gaining extensive privileges, displaying an overlay window over your banking app and collecting all your data, all the while successfully avoiding your antivirus apps.
According to experts over at Securify, it all starts with a phishing attack using SMS or MMS, with the messages including a link leading to a fake version of a popular app, such as WhatsApp, Runtastic or Netflix, to name a few. The link, however, doesn’t lead you to the good old Google Play Store, which is safe for the most part, but to a third-party app store. Of course, this doesn’t work unless the option to install apps from outside the official store is enabled in your phone’s security settings. So, a first step to take care of your data is to not allow downloads from app stores other than the official one.
Then, if the app does get downloaded and installed, it will start requesting Android privileges that are uncommon for regular apps, including Device admin. Combined with SMS read/write and Internet permission, this app becomes dangerous, and it’s not what the regular, official app would do. Even if you don’t originally accept all those privileges, the app will nag you until you just say yes to silence it.
“Once accepted, Marcher runs in the background as a service and fully controls the device as admin (permission screen attached). Obviously, a fairly significant list of permissions of which many are suspicious, especially when combined,” Han Sahin, co-founder of Securify, told Softpedia.
more in the link above
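The permission combination the article calls out (Device admin together with SMS read/write and Internet) can be checked for in an app's manifest before it is trusted. The following is an added example, not code from the article or from Securify; it assumes the manifest has already been decoded to plain XML, and the sample manifest and the `audit_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.WRITE_SMS",
             "android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"}

# Constructed sample manifest (not taken from a real Marcher sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
""".strip()


def audit_manifest(xml_text):
    """Report device-admin, SMS and Internet use, and flag the combination."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN.
    admin = any(
        r.get(ANDROID_NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        for r in root.iter("receiver")
    )
    findings = {
        "device_admin": admin,
        "sms": sorted(perms & SMS_PERMS),
        "internet": "android.permission.INTERNET" in perms,
    }
    # Each item alone is common; the article's concern is all three together.
    findings["flag"] = admin and bool(findings["sms"]) and findings["internet"]
    return findings


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```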