Phony Adobe Flash Player Update Leads to Android Marcher Malware

June 26, 2017
By Marcos Colon

Security experts have discovered the latest variant of the Android Marcher malware that steals banking credentials from victims.

Researchers at security firm Zscaler have been keeping tabs on the evolution of the malware, which has been “using new tricks and payload delivery mechanisms,” according to a blog post by Zscaler Senior Security Researcher Viral Gandhi.

The latest variant attracts victims via “pornographic lures” as well as new game hype. From there, the malware payloads are disguised as Adobe Flash Player updates; if a victim chooses to download the bogus update, the malware is dropped on the user’s device.

“The malware will also guide the user to disable security and allow third-party apps to install,” Gandhi wrote. Once the apps are installed, the malware removes itself from the phone menu and waits for the victim to select one of over 40 financial apps the malware targets.

Once one of those apps is opened, the malware creates a fake login overlay page where users input their credentials, which the cybercriminals then collect.
