Phishing attacks in the cyber world are as relentless as ever, because new vulnerabilities emerge as technology evolves. We can’t deny that these threats exist: the number of victims keeps growing, and many fall prey to Android banking malware that is used for phishing. It is no surprise that techniques are combined to be more effective; this has long been going on in a techie’s wired-up mind. But for those unaware, it is a big surprise.
Socially engineered phishing emails (a known technique) are sent to unsuspecting users, luring them to a fake site that imitates a banking site. The fake site asks for the basic credentials that identify a person as a user. A follow-up email then tells the user that they need to download the banking app to help improve security. Once the user is baited into downloading the app, he or she is taken to a 3rd-party download site to get the app, and is required to enter more identifiable information, including critical details such as banking credentials.
It is known that malware (another technique) can be found on Android devices, and Marcher is one known malware that steals your information. But how does it get into the system?
Thankfully, this type of malware is not available in the Google Play app store. However, it can be downloaded in a shabby manner: it can appear as a fake security update, a fake software update, or another fake app announcement via screen overlay. Basically, the fake updates can appear in unsecured apps downloaded from 3rd-party app stores that do not redirect downloads to the Google Play Store. These invasive screen overlays also occur on mobile websites that are maliciously coded to show fake announcements that lure unsuspecting users into downloading “updates”.
The photo below is for information purposes.
Figure 1: Bank of Austria Fake Download Page
What can Marcher Malware do?
It opens a screen that asks for credit card information whenever you open applications such as the Google Play Store and other similar apps where purchases are made with a credit card.
The well-known bank targeted by this phishing malware is the Bank of Austria: a fake application posing as Bank of Austria’s app is running rampant, packaged with the Marcher malware.
Come to think of it, if a user is able to spot that the installed app is a fake, that part of the phishing attempt can be avoided. However, with the Marcher malware already installed, the user may be unaware that the screen overlay asking for credit card information when opening the Google Play Store is itself a phishing attack. So an unsuspecting user is more likely to give out critical information when multiple techniques are combined than when a single phishing method is deployed.
In this day and age, people must be more aware than ever, especially when it comes to reading emails. Avoid downloading applications from outside the Google Play Store; though this is not foolproof, it is still safer to download apps through an authorized and official application distributor.
Always look for the secure Hypertext Transfer Protocol (HTTPS) on websites that you visit. HTTPS websites are less likely to be a fraud; again, this is not foolproof, but it is a much better option than visiting unsecured sites.
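To check a device against the advice above about apps installed from outside Google Play, the following added example (not part of the original article) parses saved output of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <name>` and lists apps that did not come from Google Play, putting those that also request the draw-over-other-apps permission first. The output layouts, package names and sample data are assumptions constructed for illustration.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"
LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(listing):
    """Map package name -> installer from `pm list packages -3 -i` text."""
    result = {}
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result

def requests_overlay(dumpsys_text):
    """True if the 'requested permissions:' section lists the overlay permission."""
    in_section = False
    for raw in dumpsys_text.splitlines():
        line = raw.strip()
        if line == "requested permissions:":
            in_section = True
        elif in_section and line.endswith(":"):
            break  # reached the next section header
        elif in_section and line.split(":")[0] == OVERLAY_PERMISSION:
            return True
    return False

def triage(listing, dumps):
    """Apps not installed by a trusted store, overlay-requesting ones first."""
    rows = [(pkg, inst, requests_overlay(dumps.get(pkg, "")))
            for pkg, inst in parse_installers(listing).items()
            if inst not in TRUSTED_INSTALLERS]
    return sorted(rows, key=lambda r: (not r[2], r[0]))

# Constructed sample data (hypothetical package names, assumed output layout).
SAMPLE_LISTING = """\
package:com.example.notes  installer=com.android.vending
package:com.example.bankupdate  installer=null
package:com.example.flashlight  installer=com.example.thirdpartystore
"""
SAMPLE_DUMPS = {
    "com.example.bankupdate": "  requested permissions:\n    android.permission.INTERNET\n    android.permission.SYSTEM_ALERT_WINDOW\n  install permissions:\n    android.permission.INTERNET: granted=true\n",
    "com.example.flashlight": "  requested permissions:\n    android.permission.CAMERA\n  install permissions:\n    android.permission.CAMERA: granted=true\n",
}

if __name__ == "__main__":
    for row in triage(SAMPLE_LISTING, SAMPLE_DUMPS):
        print(row)
```

An installer of `null` means the app was installed from a file rather than through a store; a flagged app is a candidate for review, not proof of malware.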