Old school malware keeps learning new tricks.
We have spoken about the Marcher strain of malware a few times here on UTB. Marcher is one of the malware strains that was hiding as Super Mario Run and other popular apps. The original 2013 version of the app created an artificial Google Play Store overlay to trick users into giving attackers their payment information. This quickly grew to artificial overlays of numerous banks and organizations.
Marcher has gotten even better at its job, and that makes it worse for victims of the malware. The most recent version of the malware appears as an Adobe Flash Player update. Current victims are downloading the software via false apps in third-party app stores. Once the user attempts to open the app, it triggers a notification that the Flash Player needs to be updated, and then gives the user step-by-step instructions on how to update. These steps are in fact instructions for turning off the security features of the device. Once the user completes these steps, the malware has everything it needs to carry out its function, and it hides the icon of the malicious app that the user initially downloaded.
With the infection in place, users will find that when they open many of their banking or social networking apps, they are asked to sign in to their accounts all over again. Unfortunately, victims aren’t really signing in to their various apps. Instead, they are simply transmitting their login information to the malicious actors.
When downloading apps, especially from third-party app stores, make sure you know what you are downloading. Check that the developers listed are the right developers for the app you are getting, and check user reviews.