Marcher has been silent for a couple of years, but since its creators took their time releasing newer versions in the past, we believe there is a chance the Trojan could still make a comeback. Cybersecurity experts first discovered it in 2013. Three upgrades followed in 2016 and 2017. Each new version kept the capabilities of the first one and added further improvements, so the malicious application became more and more sophisticated. As a result, it was able to do a lot of damage to the users and organizations with Android devices that the malware targeted right from the start. If you want to learn more about how Marcher works, how it could be spread, and what can be done to protect a system from it, we invite you to read the rest of our report.
Specialists say that one of Marcher’s worst capabilities is SMS interception. This ability could allow cybercriminals to view the contents of their victims’ messages, including codes received for Two-Factor Authentication. The malware is also said to spoof banking applications, games that are not yet released, and similar content. Spoofing is an attack in which a person or a program is tricked into accepting forged data as legitimate. For example, during a phone spoofing attack, hackers copy a chosen organization’s telephone numbers so that its caller ID information shows up for the victims they call. In such a situation, hackers can pretend to be working, for example, for a bank, and a victim might believe them because he would recognize his bank’s phone number.
Moreover, it looks like all Marcher versions can not only intercept SMS messages but also send SMS messages, lock the victim’s device, execute commands received remotely, and so on. In addition, the versions that appeared in 2016 and 2017 were given tools to remain undetected. For instance, one of the versions released in 2017 used the SSL protocol to encrypt communications between the Trojan and its server. The next variant, released the same year, used an AES encryption algorithm to encrypt and hide the Trojan’s list of infected applications as well as the traffic that was already protected with the SSL protocol. As the malware became more and more capable, it was employed in attacks on banking institutions in countries like the United Kingdom. However, we cannot claim that Marcher could not be used to attack regular home users. Thus, we recommend that both groups be cautious.
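The following sketch is an added example, not code from the original report: it audits a decoded AndroidManifest.xml for the combination of capabilities listed above (SMS interception, SMS sending, device locking). The mapping from those capabilities to standard Android permissions is our assumption, and both manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities listed above to standard Android
# permissions; the original report does not name any permissions.
CAPABILITY_PERMISSIONS = {
    "intercept SMS": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "send SMS": {"android.permission.SEND_SMS"},
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifests (not taken from any real application).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

def audit_manifest(xml_text):
    """Return the sorted list of listed capabilities the manifest makes possible."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    found = {cap for cap, perms in CAPABILITY_PERMISSIONS.items() if perms & requested}
    # A receiver guarded by BIND_DEVICE_ADMIN means the app can ask to become
    # a device administrator, which is what permits locking the screen.
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID_NS + "permission") == DEVICE_ADMIN:
            found.add("lock device")
    return sorted(found)

def is_high_risk(xml_text):
    """Flag apps that combine SMS interception with SMS sending or device locking."""
    caps = set(audit_manifest(xml_text))
    return "intercept SMS" in caps and bool(caps & {"send SMS", "lock device"})

if __name__ == "__main__":
    for name, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, audit_manifest(manifest), is_high_risk(manifest))
```

A match is a reason to look closer, not proof of infection, because legitimate messaging and device-management apps request the same permissions.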
To protect systems from Marcher, researchers recommend using the newest Android versions, which can provide more safety features and prevent attacks by similar Trojans. Additionally, it would be a good idea to install a reliable antimalware tool capable of guarding your device against similar threats. Of course, knowing that the malware might also be spread through malicious websites and advertisements, it is advisable to stay away from such material when surfing the Internet. You may encounter many ads or links that seem tempting, but if you are not one hundred percent sure that such content will lead you to reliable websites, we advise you not to take any chances.
The last thing we ought to mention is the malware’s deletion. If you think it could be hiding on your system, specialists recommend getting a reputable antimalware tool that can erase this vicious Trojan for you.