In a grim reminder that cyber security can be effortlessly breached by hackers, a new kind of multi-pronged banking malware called Marcher Malware has been gripping Android phones since the beginning of this year. According to researchers, it is now spreading globally at an alarming rate.
How does it spread?
The notorious attack is carried by a phishing message that is delivered via email to a phone. The message is camouflaged to be from the victim’s bank and comprises of a link that is hidden by a URL shortener such as bit.ly.
The link ensnares the victim by taking them to a bogus landing page of their bank and asks for the victim’s bank account and pin information which is then harvested by the hackers.
Another variation of the same Marcher Malware is carried out by pop-ups that instruct potential victims to install their bank’s fake security app which demands access to the phone including opening network sockets, changing system settings, receiving and sending SMS messages reading address books, and even locking the phone.
Who has been affected?
Attackers have so far managed to nick user credentials of victims from BankAustria, Raiffeisen Meine Bank and Sparkasse, but the attack has already spread beyond Vienna.
The Marcher Malware has so far been observed worldwide although many banking trojans were set out in Europe, variations of which evolved and spread elsewhere.
According to Rajiv Dholakia, vice-president of products at Nok Nok labs, “Any attack such as this one is usually a canary in the coal mine and we have seen many banking Trojans start out in Europe in the past year and expand globally”.
How can you protect yourself?
One option is to upgrade your OS to the latest version i.e. Android Oreo which is available on Google’s Pixel and Nexus Phones. Secondly, for installing any third-party app never use any other app store except the official Google Play Store.
Also, don’t click on attachments of unsolicited mails asking for downloads unless you are absolutely sure of the origin and necessity of the document.