Marcher, a threat offered on Russian underground forums since late 2013,
currently retails for roughly $5,000. The malware initially focused on
banks in Germany, but the list of targets was later expanded to include
France, Poland, Turkey, the United States, Australia, Spain, Austria and
others. IBM Security reported in early June that nine major banks in the UK had
also been added to the list of targets. Samples analyzed by PhishLabs
this month target the customers of 66 companies, including 62 banks,
Google email services and PayPal.

IBM reported earlier this month that the United States was the sixth most
targeted country, but PhishLabs said on Thursday that the Marcher samples it
has analyzed don’t target the U.S. “Because
the malware can be customized for each individual actor, it is possible
that other Marcher samples may include different targets and regions.
Expanded targeting seems likely in future based upon this capability,”
PhishLabs researchers explained.

Depending
on the cybercrime group that is using it, Marcher can be delivered via
SMS messages, mobile adware, social media websites or spam emails. The
newest samples analyzed by PhishLabs have been distributed as Adobe
Flash Player installers.

Similar to GM Bot and other Android banking Trojans, Marcher has been using custom
overlay screens to steal information from victims. While the Trojan has
mostly targeted banking applications, it’s also capable of stealing user
data from airline, payment, e-commerce and direct marketing apps.

How can this Russian malware be mitigated? Send your recommendations to the Cloud and Cyber Security Center: