News | 09/15/2017

Fake Adobe Flash Player App Infects Android Devices By Malware


What Is The Discussion About?

Marcher is a sophisticated banking malware discovered by the Russian anti-virus company Dr. Web. Dr. Web warned that a fake Adobe Flash Player app infects the device with the BankingBot malware, which is designed to steal banking and personal data from Android users. “BankingBot” was surprisingly discovered in April 2008. However, it was found to be infecting over 400 apps on the Google Play Store. This discovery is just 3 months old.

The four major banks affected by this malware were the Commonwealth Bank, National Australia Bank, Westpac and the ANZ Bank. Millions of customers of these banks were put at risk. The malware infects devices and hides from the user, waiting for the moment when the user opens a banking app to make transactions.

Modus Operandi of this Trojan Virus

Once this malware infects the targeted device, it obtains administrative privileges and then removes the app's icon, misleading the user into believing that the app has been deleted. In fact, the app keeps running in the background. It collects sensitive information such as credit/debit card numbers, CVV/CVC numbers, expiration dates, and the user's private information. The malware also has a self-defense mechanism that stops users from uninstalling the banking app from the infected device. In addition to stealing data such as customers' login details, the attackers can capture verification text messages sent to the device, allowing them to defeat the extra security measures put in place by the banks. The malware is also able to access major applications on your Android device, such as Facebook, Facebook Messenger, Snapchat, Twitter, and Viber.

Levels at which this Trojan Virus attacks your phone.

Level 1 - Payload delivery: Multiple payloads were observed being delivered through popcash.net ads. This was identified as the initial source of infection.

Level 2 - New Android Marcher wave: Upon installation, the malware quickly removes its icon from the phone menu. After installing successfully, it registers the device with its server, referred to as the command and control (C&C) center. It is designed to upload the list of installed applications, along with app details such as logins, to the C&C center.

Level 3 - C&C communication: The application waits for the user to open an app from the list uploaded to the C&C center. The malware targets any financial app being used on your device. 40 such financial apps have been identified as being tracked by this malware once it infects the device. The C&C center tracks the usage and overlays a fake login page on the app to steal the user's credentials.

Level 4 - Fake login pages: Unlike Marcher malware seen in the past, this variant creates and maintains a JavaScript Object Notation (JSON) file. This file lists each targeted app and the URL hosting its fake login page. This list is hardcoded in the malware payload.


Tips to Prevent Fake Adobe Flash Player Virus from Infecting Your System:

1. Enable your popup blocker: Pop-ups and ads on websites are the tactic most commonly adopted by cybercriminals or developers whose core intention is to spread malicious programs. So, avoid clicking on suspicious sites, software offers, pop-ups, etc.

2. Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.

3. Third-party installation: Try to avoid freeware download websites, as they usually bundle additional software with any installer or stub file.

4. Regular backup: Regular, periodic backups help you keep your data safe in case the system is infected by a virus or any other infection. So always back up important files regularly to a cloud drive or an external hard drive.

5. Always have an anti-virus: Precaution is better than cure. We recommend that you install an antivirus like McAfee or a good malware removal tool.

6. Install a powerful ad blocker for Chrome, Mozilla, and IE.
