Marcher Malware: A New Kind of Cyber Attack Hits Android

By Melissa Dobstaff

Malicious software, more commonly known as malware, is extremely common in the high-tech world that we currently live in. The constant use of computers and mobile devices leaves us more exposed than ever to malware attacks. One new type of malware that has garnered some attention is known by the moniker “marcher malware,” a specific type of malicious software that has been attacking Android devices for the past year.

Marcher malware infects devices and allows for the theft of personal information, bank account credentials, and/or financial information in one go. What makes this malware somewhat unique is that it combines banking Trojans with phishing scams, a crossover that has been noted as rather unusual. Trojans and viruses are common in their own right, as are phishing scams, but combining the two is a relatively new phenomenon, and one that we should be prepared to spot.

So how does it really work? The first step is usually a phishing message, allegedly from the user’s bank, sent straight to that user’s phone. This message directs the user to a webpage that asks for their bank login credentials. The hackers put together a fake banking website in order to trick their victims into giving up all of the information needed to access a bank account. From the account number and user ID to the password and PIN, these hackers have thought of it all, but that is only the first step of the scam.

Once the hackers have successfully gathered the first round of information, they push another prompt to their victims, who are then tricked into downloading what is presented as a new security feature offered by what they assume to be their bank. Once this software is downloaded to the user’s mobile device, the hackers have given themselves backdoors into the mobile device as well as its apps.

The harvesting of victims’ personal and financial information is concerning on its own, but what is even more troublesome is the control and access that these hackers are gaining to the mobile devices. If we stop to think about how extensively we use our mobile phones, the access they have is endless. We shop, we bank, we live our lives through these devices, and in the hands of the wrong person, the information they contain can be more harmful than we dare to imagine.

While currently these marcher malware attacks appear to target a select number of banks within Vienna, Austria, the reach of these scams cannot be contained forever. It is fully expected that these scams will spread worldwide, but where and when they will appear next is unknown. Android users should be aware of the risks and vulnerabilities associated with their devices.

It is often said that the best form of offense is a good defense, which is why, as consumers, we should strive to be vigilant and aware of the risks that our mobile devices expose us to. There are many red flags that we can often spot if we just take the time. Experts advise that Android users slow down and use a bit of common sense. Always avoid emails and messages from unknown senders, and be sure to only download apps from trusted sources. While it is impossible to remain immune from the threat of these malware attacks, by taking simple precautions users can reduce their risk of becoming a victim. It is only a matter of time before these attacks spread beyond Europe, and Android users should take this time to learn about the threat at hand and how to avoid falling prey to such an attack.

Student Bio: Melissa Dobstaff is a Blog Editor of the Journal of High Technology. She is currently a 3L at Suffolk University Law School. She holds a B.S. in International Business Management with a minor in Spanish from Youngstown State University and a Post Baccalaureate Certificate in Paralegal Studies from Kent State University. Melissa is the Co-President of the Business Law Association for the 2017-18 academic year.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.
