
Android Marcher malware targets UK banking customers

The creators of the mobile malware Marcher have started to target the Android smartphones of UK banking customers.

Previously the trojan has sought out possible victims in Germany, Austria, France, Australia and Turkey. Now IBM's X-Force security research team has warned that it has begun to target customers from nine major banks in the UK.

Marcher first appeared in late 2013 on a Russian cybercrime forum as a tool to collect credit card data from user devices that had already been compromised. However, since then it has evolved and is now able to accurately mimic the login pages of banks to steal user data more easily.

IBM's X-Force security team offers a detailed explanation of how the Marcher malware became the increasing security threat that it is today: “Carefully matching each bank’s look and feel, Marcher adapts its fake overlay screens to the organisations it targets. The adaptation is most likely programmed by the original malware developer for an extra fee. However, overlay screens are not complicated to make and can be created by outsourced black-hat developers or the malicious operators.”

By placing overlays on popular banking apps and websites, Marcher is able to trick users as they log in to their online banking through an app or via the web, or shop on e-commerce sites. Since it is a trojan designed for mobile, it is also able to hijack SMS messages and forward the phone calls it selects on any smartphone compromised with the malware. Marcher even has the ability to intercept the two-factor authentication used by banks and other online services.

The trojan goes even further by using its control of SMS and phone calls to send out covert text messages and calls to the premium toll numbers of other cybercriminals in different countries, which allows it to generate even more money for the attackers deploying it.

To avoid falling victim to Marcher, it is highly recommended that you avoid any spam emails and text messages that suggest that you need to download a Flash update. Even though Flash has been used for years now by cybercriminals as a means of deceiving users, it is still employed due to its effectiveness.


Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.