
Warning – Marcher Banking trojan – Now in CZ and SK

We’ve stumbled across a new phishing SMS campaign in the Czech Republic. It distributes an Android application (APK) containing the banking trojan Marcher from the domain “dhl-express.online” (DHL is already aware of the issue). In the Czech Republic it targets the ČSOB SmartBanking Android applications for the CZ and SK markets (cz.csob.smartbanking and com.zentity.sbank.csobsk).

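The SMS is delivered from the sender “Info” (no phone number). This is the original text:
“Vazeny kliente DHL, vase zasilka nemuze byt dorucena z duvodu necitelne adresy. Pro zmenu adresy pouzijte nasi aplikaci: http://dhl-express.online/app.apk”
(In English: “Dear DHL customer, your shipment cannot be delivered because the address is illegible. To change the address, use our application: http://dhl-express.online/app.apk”)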

The app (the current variant from this morning, 2017-02-13) connects your device to the botnet “MUCHTHENWERESTO” and then tries to steal access details for various banking products, including Google Play, Facebook, Instagram, Skype, Viber, WhatsApp Messenger.

How to protect yourself? Do not download or install any applications from sources other than Google Play (Play Store).

More about the Marcher banking trojan can be found here: https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the_rise.html


The app we found this morning has the SHA256 fingerprint (checksum): 3d546feef23688ad78026bb1ececd15a88eb413df974f8b300ffb1e5f0729d4b
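A triage sketch built on the indicators in this post (the distribution domain and the SHA256 fingerprint), added here as an example and not part of the original post. It flags SMS bodies that link to the campaign domain or, as a generalisation of the advice above, directly to any APK file, and it checks a file against the published hash. The function names and all sample messages except the quoted SMS are constructed.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from this post.
CAMPAIGN_DOMAIN = "dhl-express.online"
CAMPAIGN_SHA256 = "3d546feef23688ad78026bb1ececd15a88eb413df974f8b300ffb1e5f0729d4b"

# Stop at whitespace, angle brackets and straight or curly quotes.
URL_RE = re.compile(r"https?://[^\s\"'<>\u201c\u201d]+", re.IGNORECASE)


def classify_sms(text):
    """Return (url, reason) findings for one SMS body."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # drop sentence punctuation glued to the link
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed host, e.g. an unclosed IPv6 bracket
            continue
        host = (parts.hostname or "").rstrip(".").lower()
        # Exact domain or a subdomain of it; "dhl-express.online.example.net" is not.
        if host == CAMPAIGN_DOMAIN or host.endswith("." + CAMPAIGN_DOMAIN):
            findings.append((url, "campaign-domain"))
        elif parts.path.lower().endswith(".apk"):
            # Any SMS link straight to an APK bypasses Google Play.
            findings.append((url, "direct-apk-link"))
    return findings


def sha256_of(path, chunk=1 << 16):
    """Hash the file in chunks so a large APK is never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def is_campaign_sample(path):
    return sha256_of(path) == CAMPAIGN_SHA256


# First entry is the SMS quoted in this post; the others are constructed.
SAMPLE_INBOX = [
    "Vazeny kliente DHL, vase zasilka nemuze byt dorucena z duvodu necitelne adresy. "
    "Pro zmenu adresy pouzijte nasi aplikaci: http://dhl-express.online/app.apk",
    "Nova verze: http://files.example.net/update.APK",
    "https://play.google.com/store/apps/details?id=cz.csob.smartbanking",
]
```
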


https://www.csirt.cz/page/3491/podvodne-sms-obsahujici-malware-se-vydavaji-za-sms-od-prepravce/

