
S0317 Marcher

Marcher is Android malware that is used for financial fraud. [1]

| Item | Value |
| --- | --- |
| ID | S0317 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 17 October 2018 |
| Last Modified | 11 December 2018 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| mobile | T1476 | Deliver Malicious App via Other Means | Marcher is delivered via a link sent by SMS or email, including instructions advising the user to modify their Android device security settings to enable apps to be installed from “Unknown Sources.” [1] |
| mobile | T1401 | Device Administrator Permissions | Marcher requests Android Device Administrator access. [1] |
| mobile | T1411 | Input Prompt | Marcher attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. Marcher also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information. [1] |

References
