The Marcher trojan has come up with a new way to infect Android users: pose as a fake firmware update.
Researchers at security firm Zscaler explain this version of the malware is being distributed as “Firmware_Update.apk”:
An HTML page serving this malware scares the victim by showing that the device is vulnerable to viruses and to prevent personal data theft, prompting them to install the fake update.
The message, which pretends to come from Google, attempts to frighten Android users into believing that their smartphone or tablet is already infected by malware, and that personal information may be accessible to other internet users.
Your phone is insecure!
Your Android device has 3 critical issues and is vulnerable to viruses.
Some of your photos, chat messages and account passwords may have become visible to others on the internet.
To prevent further data leaks please download firmware update.
Upon installation, the Marcher malware asks for administrative access.
The malware needs those privileges to check for banking and payment apps as well as other well-known services installed on the victim’s device, including Facebook, WhatsApp, Instagram, Gmail, and others. If the user opens any of those apps, Marcher will see it coming, overlay a fake login page, and wait for them to enter in their credentials.
See original post Graham Cluley…