The so called Android Marcher Trojan has been using pornographic websites to make users download a malicious file, disguised as an application on the Google Play store, which steals their financial details.
The security experts reported that the malware was being delivered as a URL via e-mail or SMS which demands the victim to download and install Adobe Flash Player in order to access a porn website.
After being installed on the virtual machine, the Marcher Trojan prompts for administrative controls, and the user receives an MMS with a link to X-VIDEO porn app on a fake Google Play store. The application in question has been downloaded more than 100,000 times so far.
Being installed, the Android Marcher Trojan asks the user to enter payment credentials, and the cyber criminals get all the financial details they want.
Another interesting thing about the malware is that it recognizes other payment applications on the user’s machine and can also replicate a fake online banking login page based on information collected about already installed banking apps on victim’s device. This new wave of Marcher which uses porn has already exhibited more than 50 unique payloads.
“[The] Android Marcher trojan was first seen in 2013 scamming users for credit card information by prompting fake Google Play store payment page,” an analysis on the malware stated.
“In subsequent years, Marcher variants also started targeting banking applications by presenting fake login pages to steal user credentials. Marcher has continued to stay active.”
The security researchers added, “The primary goal of this malware is still the same – display a fake Google Play store payment page and steal financial information from the user.”
In order to avoid being a victim of Marcher Trojan and other malware, users should always download applications only from trusted app stores, such as Google Play.