Marcher

Marcher is Android malware that is used for financial fraud. [1]

ID: S0317
Type: MALWARE
Version: 1.0
Created: 17 October 2018
Last Modified: 24 October 2022

Techniques Used

Domain ID Name Use
Mobile T1626 .001 Abuse Elevation Control Mechanism: Device Administrator Permissions

Marcher requests Android Device Administrator access.[1]

Mobile T1417 .002 Input Capture: GUI Input Capture

Marcher attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. Marcher also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.[1]

References