Marcher Trojan Uses New Tactic to Infect Android Users
A fraudulent Adobe Flash installer package is a pathway to infection and potential financial losses by way of the Marcher Trojan.Security firm Zscaler is warning about a new variant of the Android Marcher Trojan that is using Adobe Flash and adult content sites as a way to trick users into becoming infected and giving up financial information. There are a lot of different vulnerabilities in Adobe Flash—in fact, Adobe just updated for 23 new vulnerabilities this week—but the new Android Marcher Trojan isn't using an authentic version of Flash or exploiting vulnerabilities that Adobe has already patched. Rather, the Android Marcher Trojan uses a fake version of an Adobe Flash Player installer to infect users. "The majority of the Marcher Trojan downloads that we are blocking in the cloud are from porn sites," Deepen Desai, head of security research at Zscaler, told eWEEK. This appears to be a popular social engineering tactic where the user is prompted to install the Flash Player update to view the porn video and the attack cycle can start with an email or SMS." The email or SMS message that an infected user will get directs the user to the Google Play store to download an app called X-VIDEO. Users are asked to enter their payment card information in order to get access to X-VIDEO, even though the app is free. The fake payment page does say that "you will not be charged unless you make a purchase," Desai said.
"We did not see anything malicious in X-VIDEO, and this was also confirmed by Google's Android team," he said. "However, this may be a tactic to further convince the user into entering the payment information on the fake Google Play payment page to complete the account setup and download this porn app."