

Once this malware infects the targeted device, it obtains administrative privileges and then removes the app's icon, misleading the user into believing that the app has been deleted. In reality, the app keeps working in the background. It also collects sensitive information such as credit card/debit card number, CVV/CVC number, expiration date, and the user's private information.

This malware is able to access major applications on the Android device, such as Facebook, Facebook Messenger, Snapchat, Twitter, and Viber. In addition to stealing data such as customers' login details, the hackers can also capture verification text messages sent to the device, allowing them to thwart extra security measures put in place by the banks. The malware also has a self-defense mechanism that stops users from uninstalling the banking app from the infected device.

Levels at which this Trojan attacks your phone:

Level 1 – Payload delivery. Multiple payloads were observed being delivered through ads. This was identified as the initial source of infection.

Level 2 – New Android Marcher wave. Upon installation, the malware quickly installs itself and removes its icon from the phone menu. After successful installation, the malware registers the device with its server, referred to as the command and control center (C&C).

Level 3 – C&C communication. The malware uploads the list of installed applications, along with app details such as logins, to the C&C center. It then waits for the user to open an app from the list uploaded to the C&C center; any financial app used on the device is a target. 40 such financial apps have been identified as being tracked by this malware once it infects the device. The C&C center tracks the usage and overlays the user with a fake login page to steal user credentials.

Level 4 – Fake login pages. Unlike the Marcher malware seen in the past, this variant creates and maintains a JavaScript Object Notation (JSON) file. This file logs each targeted app and the URL hosting its fake login page. The list is hardcoded in the malware payload.
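As an added example (not code from the original article), here is a small analyst triage helper for a target list of the kind described in Level 4. It assumes the JSON is a list of objects with a `package` name and the `url` of the overlay page; that format and the sample list below are constructed, since the article does not show the file itself.

```python
"""Triage helper for an overlay-target list of the kind the article describes.

Assumption (not from the original article): the malware's JSON file holds a
"targets" array of objects with a "package" name and the "url" of the fake
login page overlaid for that app. The sample below is constructed.
"""
import json
from urllib.parse import urlparse

# Constructed sample target list; package names and hosts are fictitious.
SAMPLE_TARGET_LIST = json.dumps({
    "targets": [
        {"package": "com.examplebank.mobile", "url": "https://login-update.example.net/bank1/index.html"},
        {"package": "com.examplecard.wallet", "url": "https://login-update.example.net/card/index.html"},
        {"package": "com.social.example", "url": "http://acct-verify.example.org/social.php"},
        {"package": "", "url": "not a url"},  # malformed entry, should be skipped
    ]
})


def parse_target_list(raw: str) -> dict:
    """Return {package_name: overlay_url}, dropping entries that lack a package
    name or whose URL has no http(s) scheme and host (pages are hosted remotely)."""
    data = json.loads(raw)
    targets = {}
    for entry in data.get("targets", []):
        pkg = entry.get("package", "").strip()
        url = entry.get("url", "").strip()
        parsed = urlparse(url)
        if pkg and parsed.scheme in ("http", "https") and parsed.hostname:
            targets[pkg] = url
    return targets


def overlay_hosts(targets: dict) -> set:
    """Hostnames serving the fake login pages: network indicators to block
    and to hunt for in proxy or DNS logs."""
    return {urlparse(u).hostname for u in targets.values()}


def installed_at_risk(targets: dict, installed_packages) -> list:
    """Installed apps the target list would overlay, sorted for stable reporting."""
    return sorted(pkg for pkg in installed_packages if pkg in targets)


if __name__ == "__main__":
    targets = parse_target_list(SAMPLE_TARGET_LIST)
    print("targeted packages:", sorted(targets))
    print("overlay hosts:", sorted(overlay_hosts(targets)))
    print("at risk on this device:", installed_at_risk(targets, ["com.examplebank.mobile", "com.other.app"]))
```

Feed it the list of package names from the device under investigation to see which installed apps the recovered configuration would overlay, and add the returned hosts to blocklists.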
