Security researchers have discovered a new malicious attack directed at Android users which utilize phishing and a banking Trojan in order to steal financial information.
According to a report by Proofpoint, this involves the Marcher malware which first appeared back in 2013 and targeted Russian Google Play users. It was also able to achieve global reach as it became a part of a malware-as-a-service scheme, allowing anyone to utilize its components.
The spoofed page asking for banking credentials | via Proofpoint
The latest attack now targets customers of Austrian banks. It begins with a phishing email that contains a shortened link, which when clicked will redirect to a page that spoofs Bank Austria. Those behind the fake website have even taken the time to register different domains that contain ‘bankaustria’ in the title, to further convince unsuspecting users that they are indeed visiting a legitimate site.
Should the email recipient enter their banking details, they will then be asked to log in using their email address and phone number. At this point, after the information has been captured, the page will then prompt with an installation of a mobile app, apparently emphasizing that it is required in order to proceed.
Obviously enough, because the app is fake and can’t be hosted on Google’s official app store, the phishing template asks the user to enable Android’s setting to install applications from unknown sources. Allowing this will install the Marcher malware.
It will ask for permissions to directly call phone numbers, read contacts, read/write messages, modify settings, and force the device to lock, among many others. Once installed, it will mimic the Bank Austria icon. In addition to operating as a banking Trojan, the malware will also ask for credit card details whenever the user opens apps such as Play Store.
Proofpoint’s data shows that almost 20,000 people fell for the scam, and had given their banking information to the cybercriminals behind the scheme. Other Austrian banks were also seen being imitated.
The security firm warns that such attacks could extend across mobile and desktop environments, with variety of threats growing in number.
All things considered, it always helps to have a watchful eye over the emails we receive, as cybercriminals are always coming up with new and mischievous ways to steal personal and financial information. Also, disallowing installation of raw Android files as much as possible can go a long way, to be able to lessen the chances of contracting malware in the future.