Marcher is a Trojan targeting banks; first appeared on Russian-speaking underground forums in late 2013, and affecting banking applications in mostly South American countries, but now expanding into the rest of the world. It poses as an Android firmware update, another demonstration of how cyber-criminals are evolving tactics in order to trick unsuspecting users into installing malicious software.
While the mobile malware can steal login credentials from at least 40 banking, retail and social media apps, the sophisticated Trojan has developed new techniques to trick Android users into downloading the malware.
On installation, Marcher will forward a victim's banking app log-in details to to the cyber-criminals, allowing the crooks to make off with the stolen information.
With the previous incarnations of Marcher haven posed as a security update to Super Mario mobile game and few other apps.
And recently, the latest version of the banking Trojan is using new techniques to spread malware, including adult content and links-baiting taking advantage of new mobile games. However, the malware downloads are accessible only from third-party sources and not via the official Google Play store.
It has a spooky way to bypass the Android security check to allow the device to install third-party software, an option turned off by default on Android devices and a key way of protecting the user from malicious software.
As always the best way for Android users to avoid falling victim to any malware, including Marcher is to only download from Google Play, and not downloading anything from unknown sources.
