Marcher

Description

(ZScaler) Upon infection, Marcher would inspect the victim’s device and send a list of all installed apps to its command and control (C&C) server. If the malware found any German financial apps installed on the device, it would show a fake page asking for credentials of that particular institution. Unaware that the login page is a fake, the victim would provide their credentials, which would then be sent to the malware’s C&C. The malware would also show a fake Google Play payment page if the infected device did not have any German financial firm apps.

Names

Name
Marcher

Category

Malware

Type

  • Banking trojan
  • Credential stealer

Information

MITRE ATT&CK

Malpedia

AlienVault OTX

Other Information

UUID

7edce969-8cb1-410a-abb1-1612803b3e35

Last Card Change

2022-12-30