The PhishLabs Blog

Joshua Shilko

Joshua works as a Manager, Digital Forensics and Incident Response within PhishLabs Research, Analysis, and Intelligence Division. He holds an M.S. in Cybersecurity - Computer Forensics from Utica College, a National Center of Academic Excellence in Cyber Defense Education.
Find me on:

Recent Posts

Marcher Android Banking Trojan - Threat Actor Shifts Technique to Evade Detection

Posted by Joshua Shilko on Jul 12, '17

PhishLabs has recently observed a technique change implemented by a threat actor tracked by our Research, Analysis, and Intelligence Division (R.A.I.DTM). This actor is utilizing a variant of the Marcher Android banking trojan to target clients of financial institutions, payment companies, auction sites, retailers, email providers, and social media companies, primarily located in North America.

Overview of Marcher

Marcher is a family of malicious Android applications that run in the background on an infected device and monitor its operation to detect the launch of specific applications or websites. When a targeted application or site is opened, Marcher overlays the screen with a customized phishing site which mimics the look and feel of the targeted institution. Marcher first appeared in 2013, and there are a number of variants in the wild with varying levels of functionality. Some samples contain only the web overlay and credential theft capability, while others extend functionality to include the ability to intercept and send SMS messages, lock the screen, steal system data, detect and hide anti-virus software, and even utilize the infected device as a SOCKS proxy.  

Read More

Marcher and Other Mobile Threats: What You Need to Know

Posted by Joshua Shilko on May 26, '17

When most people think about cyber risk, they think primarily of their organization’s servers, PCs, and laptops, and how they might be vulnerable to attack.

But in recent years, the way in which users interact with the outside world has changed. In March this year, for the first time ever, Android overtook Windows to claim the largest share of Internet traffic.

And naturally, where users go, threat actors will surely follow.

Read More

Topics: Mobile, Rogue Mobile Applications, Mobile Crimeware

Marcher Android Malware Increases its Geographic Reach

Posted by Joshua Shilko on Jun 23, '16

Earlier this year, PhishLabs wrote an in-depth analysis on Marcher, an Android Banking Trojan which is available for purchase as a kit on underground marketplaces. Marcher runs in the background on an infected device and monitors its operation to detect the launch of specific applications or websites. When a targeted application or site is opened, Marcher overlays the screen with a customized phishing site which mimics the look and feel of the targeted institution. Recent samples of Marcher have demonstrated an increase in total number of targeted institutions as well as a spread to additional geographic locations.

Read More

Topics: Malware, Android, marcher

Fraudster Phishing Users with Malicious Mobile Apps

Posted by Joshua Shilko on Apr 25, '16

Since the beginning of 2016, PhishLabs has observed a number of malicious mobile applications targeting users of popular payment card companies and online payment sites.  These attacks combine traditional, browser-based phishing attacks with the mobile platform in order to create convincing mobile applications. These applications claim to afford the user access to their accounts directly from their mobile device; however, their only functionality is the capability to collect credentials and personal information and deliver that stolen information to the attacker. Our research has indicated that these malicious applications have been created by the same actor or group of actors.

Read More

Topics: Phishing, Brand Abuse Lure, Mobile

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all