Android Marcher now marching via porn sites
(Publication) Google search: [1]
Android Marcher now marching via porn sites | |
---|---|
Botnet | Marcher |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2016 / 2016-03-10 |
Editor/Conference | Zscaler |
Link | http://research.zscaler.com/2016/03/android-marcher-now-marching-via-porn.html (Archive copy) |
Author | |
Type | Blogpost |
Abstract
“ Android Marcher Trojan was first seen in 2013 scamming users for credit card information by prompting fake Google Play store payment page. In subsequent years, Marcher variants also started targeting banking applications by presenting fake login pages to steal user credentials.
Marcher has continued to stay active and was recently covered by phishlabs. In this blog, we will cover a new wave of Marcher Trojan that is active since past one month where the malware arrives as an adobe flash installer package. We have captured over 50 unique payloads from this campaign. Majority of these Marcher payloads are from pornographic sites serving fake adobe flash player for watching porn. The primary goal of this malware is still the same - display a fake Google Play store payment page and steal financial information from the user.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2016BFR4864, editor = {Zscaler}, author = {}, title = {Android Marcher now marching via porn sites}, date = {10}, month = Mar, year = {2016}, howpublished = {\url{http://research.zscaler.com/2016/03/android-marcher-now-marching-via-porn.html}}, }