Android Marcher Trojan Poses as Super Mario Run

The dangerous Android Marcher Trojan has been identified in several counterfeit Super Mario Run games available on the Internet.

The Marcher Trojan Impersonates the Super Mario Run Android Game

Security researchers have found that the well-known Android Marcher Trojan is targeting Android users by posing as the Super Mario Run game, a popular title that has been released for the iOS operating system. The Nintendo-published game has not been officially released for Google’s operating system, and several unofficial clones have appeared. A very similar incident happened last year, when several pieces of Pokemon Go-related malware hit thousands of users. Installing the fake game installs the banking Trojan on the host device. Once it is on the victim’s phone or tablet, it requests the following permissions:

  • Modify System Settings
  • Read Your Contacts
  • Directly Call Phone Numbers
  • Read Phone Status and Identity
  • Read Your Text Messages (SMS or MMS)
  • Receive Text Messages (SMS)
  • Send and View SMS Messages

Like previous Marcher incidents, the virus asks for administrative rights, and if the user does not grant them, the malware spawns repeated request screens until they are granted. Only then is the full potential of the threat activated. Marcher is a well-known banking Trojan that uses overlay windows to capture the account credentials entered on various online services and e-banking sites. The new version was observed displaying counterfeit payment card pages to users once they open the Google Play store app on their devices.
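A triage check for the permission set and device-administrator request described above, as an added example that is not part of the original article or the researchers' tooling. It reads a decoded AndroidManifest.xml (for instance, one produced by apktool); the mapping from the on-screen labels to `android.permission.*` constants is an assumption made here, and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
P = "android.permission."
# Manifest constants assumed to sit behind the labels listed in the article
REPORTED = {
    P + "WRITE_SETTINGS": "Modify System Settings",
    P + "READ_CONTACTS": "Read Your Contacts",
    P + "CALL_PHONE": "Directly Call Phone Numbers",
    P + "READ_PHONE_STATE": "Read Phone Status and Identity",
    P + "READ_SMS": "Read Your Text Messages (SMS or MMS)",
    P + "RECEIVE_SMS": "Receive Text Messages (SMS)",
    P + "SEND_SMS": "Send and View SMS Messages",
}
SMS = {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"}

def triage_manifest(xml_text):
    """Compare a decoded manifest with the reported permission set."""
    root = ET.fromstring(xml_text)  # for untrusted files, parse with defusedxml
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN
    admin = [r.get(A + "name") for r in root.iter("receiver")
             if r.get(A + "permission") == P + "BIND_DEVICE_ADMIN"]
    matched = sorted(requested & set(REPORTED))
    return {
        "matched": matched,
        "missing": sorted(set(REPORTED) - requested),
        "device_admin_receivers": admin,
        "full_sms_access": SMS <= requested,
        # Heuristic only: every reported permission plus a device-admin request
        "flag": len(matched) == len(REPORTED) and bool(admin),
    }

def build_manifest(package, permissions, admin_receiver=None):
    """Build a constructed sample manifest for the demonstration below."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in permissions)
    recv = (f'<receiver android:name="{admin_receiver}" '
            f'android:permission="{P}BIND_DEVICE_ADMIN"/>') if admin_receiver else ""
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{recv}</application></manifest>')

# Constructed samples with hypothetical package names, not real Marcher manifests
SUSPECT = build_manifest("com.example.fakegame", REPORTED, ".AdminReceiver")
BENIGN = build_manifest("com.example.realgame", [P + "INTERNET", P + "READ_PHONE_STATE"])

if __name__ == "__main__":
    for name, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage_manifest(doc))
```

Individual permissions from this list appear in many legitimate apps, so the flag is a prompt for manual review of a sideloaded APK, not a verdict.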

The identified malware samples have been found to have broken overlay pages, which likely means that the malware is still under development. The Android Marcher Trojan has also been found to feature a new obfuscation technique in which all the important string characters are delimited using the <> string.

The Android Marcher Trojan has been active since 2013 and continues to target mobile users and their financial information.

Mobile users can avoid infection with this malware and other related viruses by downloading applications only from the Google Play Store. The security researchers advise that everyone uncheck the Unknown Sources option in the Security settings.

Previous high-impact Marcher strains have posed as counterfeit Android system updates. We remind our readers that users can get tricked into downloading the file from various fake websites. HTML pages that contain Marcher are designed to look like security alerts with the Google logo.

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
