
The Marcher Trojan has found a new way to infect Android users: a fraudulent Adobe Flash installer package distributed through adult content sites. Unfortunately, a few victims have been tricked into giving up financial information.

Adobe recently addressed 23 of its biggest security flaws, and the player is slightly more secure. But this didn’t stop hackers from using an authentic version of Flash to exploit vulnerabilities that had already been patched, and the new Android Marcher Trojan has infected many owners of Android mobile devices by tricking them into using a fake version of an Adobe Flash Player installer.

According to Deepen Desai, head of security research at Zscaler, who was interviewed by eWEEK, “The majority of the Marcher Trojan downloads that we are blocking in the cloud are from porn sites,” after users are prompted to install the latest version of Flash Player in order to view videos. He said that everything starts with an email or SMS in which users are advised to head to the Play Store and download an application called X-VIDEO. They are then required to enter their account information, otherwise they won’t get access to X-VIDEO, although the application is totally free. Desai warns that users make the payment after being convinced by the fake payment page, so they lose money without knowing that the application is free.

Zscaler detected the new Marcher campaign using its Zscaler cloud platform, and Desai said that the company’s antivirus and cloud sandbox have protected customers against this new scam. In a first phase, Zscaler managed to block over 50 payloads from the new Marcher campaign, which is targeting Android users.

In March, Google issued an update for its platform, patching 19 vulnerabilities. But even if the company fully patched Android, the Marcher Trojan could not be stopped because, as Desai specified, “This malware will work fine on the latest Android operating systems provided the user clicks and installs the package, which is usually successful due to the porn lure”.