Customers of Raiffeisen Meine Bank, BankAustria, and Sparkasse have been targeted by a banking Trojan named Marcher, which is delivered through a phishing email pretending to be from the victim’s bank. Once the link in the email is clicked, it takes the recipient to a fake website that requests PIN numbers and account information. A popup then asks the user to install the bank’s “security app”, which is actually Marcher.
Normally, a phishing scam like this isn’t newsworthy anymore, but this one is different because it targets specific banking customers and bundles the phishing attack with the malware infection.
Once installed, Marcher asks for permissions to every aspect of the Android device, such as SMS, networking, address books and more. It also asks the victim to re-enter credit card numbers for apps that require purchases, such as Google Play.
Android users are advised to keep their devices updated, to avoid clicking on links in emails, and to avoid installing apps from those links.