A fake Flash update for Android hides Marcher, malware that steals all the credentials used to access banking apps
The Android operating system remains one of the favorite targets of hackers. Despite Google's efforts to improve its security, hackers manage to exploit its weaknesses to infect users' smartphones with malware capable of stealing vital information.
Researchers at Zscaler, a company specializing in computer security, have discovered a new virus capable of stealing all of a user's banking data. The malware is not actually unknown to the researchers: it is Marcher, a virus that was first launched some time ago and is now back in an "enhanced" version. The banking malware hides behind a fake Flash update that actually installs the virus on the device and takes control of it. When the user tries to log into their bank account via the bank's application, the data is stolen by the malware, which then sends it to the hackers.
How Marcher virus works
The trap devised by the hackers exploits the classic flaws present in the Android operating system. The hackers send users a message asking them to update the Flash application using the link in the text. On opening the link, users are redirected to an online store developed by a third party and download an infected APK file (APK is the package format used for Android applications). To complete the installation, the app asks the user to disable security settings. If consent is given, the APK file installs the Marcher malware on the smartphone.
How Marcher virus steals user's credentials
The banking malware manages to hide itself even from antivirus products: only 20% of antivirus software can detect it. The virus only comes into action when the user opens a banking app: if the user tries to log in, the malware steals the credentials and sends them to the hackers, who are then able to enter the bank account undisturbed.
How to defend yourself against the virus
Marcher is a virus that gets installed mainly because users fail to recognize the danger of applications downloaded from unofficial online stores. If you are asked to change the device's security settings during the installation of an application, in 99% of cases it is a virus, and it is better to block the process. If, on the other hand, you were not paying attention and have installed the virus, you still have one last chance to return the situation to normal: delete the Marcher virus.
Android malware can be found anywhere, but it is more frequent in online stores developed by third parties.
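As an added example (not part of the original article): a short Python audit of the text printed by `adb shell pm list packages -i -3`, which lists user-installed apps together with the package that installed them, and flags every app that did not come from Google Play. The package names, the trusted-installer set and the name hints are assumptions made for illustration; none of them comes from the article or from a real Marcher sample.

```python
import re

# Installers treated as trusted (assumption for this example): Google Play only.
# Add an OEM or enterprise store here if your devices legitimately use one.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Name fragments worth a second look, given the fake "Flash update" lure.
LURE_HINTS = ("flash", "update", "player")

# One line of `pm list packages -i`: package:<name>  installer=<name|null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<src>\S+)$")


def parse_packages(listing):
    """Parse the listing into (package, installer) pairs; 'null' becomes None."""
    pairs = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            src = m.group("src")
            pairs.append((m.group("pkg"), None if src == "null" else src))
    return pairs


def audit(listing):
    """Return apps not installed by a trusted store, lure-like names first."""
    findings = []
    for pkg, src in parse_packages(listing):
        if src in TRUSTED_INSTALLERS:
            continue
        lure = any(hint in pkg.lower() for hint in LURE_HINTS)
        findings.append({"package": pkg, "installer": src, "lure_like_name": lure})
    return sorted(findings, key=lambda f: (not f["lure_like_name"], f["package"]))


# Constructed sample listing (not taken from a real device or from the article).
SAMPLE = """\
package:com.example.bankapp  installer=com.android.vending
package:com.example.flashplayer.update  installer=null
package:com.example.notes  installer=com.example.thirdpartystore
package:com.example.game  installer=com.android.vending
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A flagged app is only a candidate for review: the name hints are a heuristic, and a sideloaded app is not necessarily malicious.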