S0317 Marcher
Marcher is Android malware that is used for financial fraud. 1
| Item | Value |
|---|---|
| ID | S0317 |
| Type | MALWARE |
| Version | 1.0 |
| Created | 17 October 2018 |
| Last Modified | 24 October 2022 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1626 | Abuse Elevation Control Mechanism | - |
| mobile | T1626.001 | Device Administrator Permissions | Marcher requests Android Device Administrator access.1 |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.002 | GUI Input Capture | Marcher attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. Marcher also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.1 |