Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort:
“Masquerading as Adobe Flash Player Update is a classic malware technique. We have seen this recently in February 2017 with OSX/MacDownloader, which was a Mac Trojan built to steal passwords from the macOS keychain. It was posing as a fake Flash Player update, was found on the Mac of a human rights advocate and believed to originate from Iran.
“Famous Russian APT Snake, also known as Turla or Uroburos, was also distributed in a ZIP archive named Adobe Flash Player.app.zip, which is a backdoored version of Flash.
“Even back in 2010 when I worked at Facebook, we had to deal with Koobface, a worm that was spreading by delivering Facebook messages to people who are “friends” of an infected user, with links to what purported to be an update of the Adobe Flash player.
“This kind of social engineering is very popular on PCs and on Android devices but would not work on Apple iPhones, because Steve Jobs made a decision in April 2010 to disallow Adobe Flash on Apple mobile platforms. This is another one of the ways iPhones are safer from mobile malware than Android smartphones.
“In 2017, Android malware continues to grow, and while banking Trojans like Marcher are popular, most of the growth is coming from the mobile ransomware segment. It increased by over 250 percent during the first quarter of 2017, according to Kaspersky, from 61,832 to 218,625 detected files.
“To reduce the risk of infection on Android: lock your phone to only allow downloads from Google Play and avoid apps that have very few reviews.”
Ryan Wilk, Vice President of Customer Success at NuData Security:
“This latest instance of phishing-style malware is a good reminder to consumers to not trust third-party sites, and to go to their phones’ app store or vendors’ sites for apps and updates. Just as consumers have learned to not accept unsolicited phone calls and emails from banks, the same applies to software downloads. These phishing schemes are all about capturing data. At the core, these schemes look to steal users’ authentication credentials and other sensitive information.
“Any company using authentication needs to move toward newer and more secure techniques such as passive biometrics and behavioral analytics that can determine if the expected human user is accessing and transacting on the account – effectively negating the value of these types of phishing schemes and malware.”
“Mobile users will forever fall victim to well-crafted social engineering techniques. What makes Marcher so dangerous is its ability to evade popular antivirus programs that users currently rely on for protection. The only truly effective defense against this attack are newly-developed solutions that identify and mitigate the fake overlay action of Marcher. This is how you stop Marcher from stealing login credentials.”
Frederik Mennes, Senior Manager Market & Security Strategy at VASCO Data Security:
“While during the past years more than 90% of Android mobile banking malware families focused solely on Russian banks and payment organizations, we now see a clear shift to American and European organizations. Last April, the BankBot family targeted over 420 banks, attempting for the first time to steal the logon credentials of many European and American banks via overlay windows. This new variant of Marcher also targets many American organizations. In response to this growing threat, banks should protect their mobile banking apps using security solutions that detect and mitigate the overlay screen.”