A new variant of the Android Marcher malware uses pornographic enticements and new game hype to lure users to download a bogus Adobe Flash player, according to Zscaler researchers who discovered the latest variant.
Users are then asked to disable their security settings and allow third-party apps to install. Once the apps are installed, the malware removes its icon from the phone menu.
It then waits for the user to open one of over 40 targeted financial apps and then overlays a fake version of that financial website's login page. The malware then gleans the user's login credentials.
The financial sites the new Android Marcher variant is targeting includes TD Bank, Wells Fargo, PayPal, and others.
Read more about this latest Marcher variant here.