Android Marcher Trojan Morphs and Targets Porn Sites
Sex sells—especially online. Unfortunately, cybercriminals know about this concept too. Recently, a new variant of the Marcher trojan was seen using Adobe Flash and porn sites to lure Android users into giving up financial information.
According to reports, the attackers are targeting Android users who visit porn sites by prompting them to install a malware-infected payload disguised as an Adobe Flash Installer Package. The malware is designed to steal the user’s banking information from a phishing page disguised to mimic Google Play store payment page that the user needs to fill out in order to access the content. On some occasions, the malware would prompt users to download the X-VIDEO app from the official Google Play store; however, the app has been verified to be safe.
The three year old Marcher has evolved into a sophisticated malware capable of knowing a device’s application profile. While the malware’s methods aren’t new, Marcher is targeting users with fake Google Play and bank login pages on Android devices.
This isn’t the first time cybercriminals used sexually explicit material to fool mobile users. Last year, fake versions of porn apps were among the many lures that the Yanbian Gang used to infect millions of Android mobile banking customers in South Korea. Trend Micro Mobile Threat Researcher, Simon Huang, explains that the malware come “in the guise of popular porn apps with lewd icons and names and eye-catching descriptions like photos of sexy women and ‘porn movies’.
[READ: How fake porn apps were used to infect millions of mobile banking users in South Korea]
Users can check their devices for infection by going to Settings>Security>Device Administration. If an application with an Adobe Flash player icon called Device Admin is running, revoke the administrator rights by clicking on the app and deactivating it.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
Recent Posts
- Ransomware Spotlight: Ransomhub
- Unleashing Chaos: Real World Threats Hidden in the DevOps Minefield
- From Vulnerable to Resilient: Cutting Ransomware Risk with Proactive Attack Surface Management
- AI Assistants in the Future: Security Concerns and Risk Management
- Silent Sabotage: Weaponizing AI Models in Exposed Containers