Marcher Mobile Bot Adds UK Targets, Steps Up Banking Fraud Capabilities

IBM X-Force Research noted a recent shift in the targets of the Marcher mobile bot. Per X-Force analysis of Marcher samples, the malware has just added nine major bank brands in the U.K. to its target list. This mobile malware already goes after financial entities in other countries, including Germany, Austria, France, Australia and Turkey.

About the Marcher Mobile Bot

According to X-Force intelligence, Marcher first appeared in the wild in late 2013. It is known to be a commercial offering sold in Russian-speaking underground forums by its supposed developer or distribution accomplices.

In the first year of its activity, Marcher did not target banks; initially, it was only used by its various operators to steal credit card information from infected victims. To do so, a phishing overlay screen was triggered when users accessed the Google Play app store, plastering a fake window on top of the app store’s activity to request users’ credit card number, expiration date and CVV2 code. In 2014, Marcher began targeting banks, starting with a large bank in Germany, PhishLabs reported.

Aggregating Marcher configurations allows us to see a view of its top target geographies. The U.K. was added to the list in late May 2016.

Read this post here.

you can also find information on Marcher on X-Force Exchange!