James Patterson | 25 Nov 2017
A multi-step attack has struck Android devices this week, binding three threats into one to break into devices and steal sensitive and personal data.
The new malware has been dubbed ‘Marcher’ and uses multiple steps to gather data such as credit card details and bank account numbers. Each attack “combines phishing, banking trojan and credit card data theft” into one, says NordVPN.
NordVPN highlighted that these attacks are becoming more frequent as well as more likely, and stated, “as our computing increasingly crosses multiple screens, we should expect to see threats extending across mobile and desktop environments.” They also stated that more attacks based on the Marcher mechanism are likely, and are expected to target infrastructure such as banking services and telecommunications.
These types of attacks on major services could prove catastrophic to consumer privacy. Banking details, addresses and more will be revealed to the public if the Marcher-based attacks break the barriers protecting communications and banking services.
Android smartphones have often been the target of attacks using similar strategies, although combining all of these types of malware and phishing attacks together is entirely new and highly unusual. This is the first time we are seeing cybercriminals utilising extremely complex methods to gather sensitive consumer data.
Marcher and similar attacks rely on open and unencrypted networks to bypass your device’s security and harvest its sensitive data. A VPN can essentially block its access to your smartphone. Most VPNs have virus and malware protection built into their servers, so any attack is blocked before it enters your device.
A VPN works by encrypting and rerouting all traffic through secured servers, preventing any of your data from being traced back to you, as well as preventing malware from finding your device and stealing your data.
NordVPN suggests utilising their CyberSec feature, which removes advertising and malware, as well as phishing emails. Most premium VPN services scour website data for malicious content, and sites found with malware or other trojans are blocked from the server, meaning your devices never come into contact with the malware embedded into those sites.
Making use of a VPN adds an essential layer of security, not only against malware but for general browsing activities too.
Marcher was first uncovered in March 2013, when it was a topic of conversation in Russian online forums. Since then, it has morphed into an international threat. Its backbone as a malware-as-a-service has given Marcher the ability to extend its effect from Russia to nations all around the world. The malware can be embedded within software and then installed by users by accident, often in Flash Player updates.
The malware is normally sent to victims via SMS, although recently it has been found to circulate as a link within an email. The link had been shortened to avoid detection. Anyone who opens the email and clicks on the link is presented with a fake Bank Austria website and is asked to enter their details, such as phone numbers and email addresses.
Once this data has been stolen, the attackers can then use this information to send their victims warning messages and attempt to convince them to follow another URL which is infected with the Marcher malware.
Alongside acting like a trojan, overlaying itself on top of a banking app and even featuring a security and identity theft page, the malware eventually asks the victim for their credit card details every time they access the Google Play Store. Following this, the malware requests a number of permissions, such as to call phone numbers, read and write messages, access contacts, modify settings and much more. Essentially it gains access to an entire smartphone’s contents.
It is absolutely vital that you be wary when installing new apps on your smartphone, from verified and unverified sources alike. The Google Play Store is known for frequently allowing malware into its store. Users should always be on the lookout for false websites and banking emails, and should reject requests for data from websites and emails. It’s also a good idea to check what permissions an app is requesting before and after you install it.
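The permission check suggested above can be scripted. The following is an added example, not code from the article or from NordVPN: it reads text in the style printed by `aapt dump permissions` and reports which of the capabilities listed in the article an app requests. The mapping from those capabilities to Android permission names, the review threshold and both sample dumps are assumptions constructed for illustration.

```python
import re

P = "android.permission."
# Capabilities the article lists, mapped to standard Android permission names
# (the mapping is an assumption of this example, not taken from the article).
CAPABILITIES = {
    "call phone numbers": {P + "CALL_PHONE"},
    "read and write messages": {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS"},
    "access contacts": {P + "READ_CONTACTS"},
    "modify settings": {P + "WRITE_SETTINGS"},
    "overlay on other apps": {P + "SYSTEM_ALERT_WINDOW"},
}
# Accepts both aapt styles: name='android.permission.X' and the bare older form.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")


def parse_permissions(dump):
    """Return the set of permission names found in the dump text."""
    found = (PERM_RE.match(line.strip()) for line in dump.splitlines())
    return {m.group(1) for m in found if m}


def audit(dump, threshold=3):
    """List the capabilities requested; mark for review at `threshold` or more."""
    perms = parse_permissions(dump)
    hits = sorted(cap for cap, names in CAPABILITIES.items() if perms & names)
    return {"capabilities": hits, "review": len(hits) >= threshold}


# Constructed sample dumps (not taken from any real app).
FAKE_UPDATER = """package: com.example.flashupdate
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.WRITE_SETTINGS'
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
"""
FLASHLIGHT = """package: com.example.torch
uses-permission: android.permission.CAMERA
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    for name, dump in (("updater", FAKE_UPDATER), ("torch", FLASHLIGHT)):
        print(name, audit(dump))
```

A flagged app is not necessarily malicious; the result only says that the combination of requested permissions deserves a closer look before the app is trusted.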