Android Marcher now marching via porn sites

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Android Marcher now marching via porn sites
Botnet Marcher
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2016 / 2016-03-10
Editor/Conference Zscaler
Link http://research.zscaler.com/2016/03/android-marcher-now-marching-via-porn.html (Archive copy)
Author
Type Blogpost

Abstract

Android Marcher Trojan was first seen in 2013 scamming users for credit card information by prompting fake Google Play store payment page. In subsequent years, Marcher variants also started targeting banking applications by presenting fake login pages to steal user credentials.

Marcher has continued to stay active and was recently covered by phishlabs. In this blog, we will cover a new wave of Marcher Trojan that is active since past one month where the malware arrives as an adobe flash installer package. We have captured over 50 unique payloads from this campaign. Majority of these Marcher payloads are from pornographic sites serving fake adobe flash player for watching porn. The primary goal of this malware is still the same - display a fake Google Play store payment page and steal financial information from the user.

Bibtex

 @misc{empty2016BFR4864,
   editor = {Zscaler},
   author = {},
   title = {Android Marcher now marching via porn sites},
   date = {10},
   month = Mar,
   year = {2016},
   howpublished = {\url{http://research.zscaler.com/2016/03/android-marcher-now-marching-via-porn.html}},
 }