Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:


Lookout for phishing malware posing as Adobe Flash update

Fraud Alert:

The foremost Android malware has evolved yet again and this time it is masquerading as another update for a plugin that is still widely used to this day.

It’s the latest variant of a long line of disguises this tricky Android malware has assumed since it was discovered in 2013.

The malicious Android software is nicknamed Marcher and it is extremely devious since it tricks users into relinquishing credentials and credit card information by overlaying real applications with fake mobile phishing pages resembling the real thing.

This time, it is assuming the form of a fake Flash Player update. As you may very well know, Flash Player is a widely used video playback plugin that is still used by many websites.

The latest ruse was discovered by Zscaler security researchers and they reported that the technique uses adult content links and the excitement surrounding new mobile games to trick users into downloading the fake Flash Player update. Thankfully, all of the infected apps come from third-party sources and are not available in the Google Play store.

This is how Marcher does its latest wave of infection. Embedded within the affected apps are URL links that are planted with the fake Flash Player update. Once the links are opened by the would-be victim, a message pops up stating the Android gadget’s Flash Player is outdated and it requires an update. If the user proceeds with this fake update named “Adobe_Flash_2016.apk,” the Android device will be infected with Marcher.

The sneaky malware will even guide the victim on how to disable security settings and permit the gadget to allow other third-party apps to install. Once these third-party apps are installed, the malware’s icon is deleted from the phone menu.

Once all the preliminary necessary steps are done, Marcher will then communicate with its command and control center to register the infected device and send pertinent data such as all of its installed apps.

The malware will now wait for the victim to open any of the targeted apps in its list and then overlay them with fake ones.

The overlays will look like the legitimate login pages of the apps affected, but they’re actually mobile phishing sites designed to steal your user credentials and credit card and banking information.

Popular apps being targeted for the fake overlays include the Google Play store, PayPal, Chase, Wells Fargo, Morgan Stanley, Amazon, American Express, Schwab, Citibank, Western Union, TDBank, Walmart, eBay, Facebook and others.

Here’s the full list of the overlayed apps from Zscaler:

  • com.android.vending
  • org.morgbigorg.nonem
  • com.google.android.gm
  • com.yahoo.mobile.client.android.mail
  • com.htc.android.mail
  • com.android.email
  • com.paypal.android.p2pmobile
  • com.chase.sig.android
  • com.suntrust.mobilebanking
  • com.wf.wellsfargomobile
  • com.citi.citimobile
  • com.konylabs.capitalone
  • com.infonow.bofa
  • com.morganstanley.clientmobile.prod
  • com.amazon.mShop.android.shopping
  • com.htsu.hsbcpersonalbanking
  • com.usaa.mobile.android.usaa
  • com.schwab.mobile
  • com.americanexpress.android.acctsvcs.us
  • com.pnc.ecommerce.mobile
  • com.regions.mobbanking
  • com.clairmail.fth
  • com.grppl.android.shell.BOS
  • com.tdbank
  • com.huntington.m
  • com.citizensbank.androidapp
  • com.usbank.mobilebanking
  • com.key.android
  • com.ally.MobileBanking
  • com.unionbank.ecommerce.mobile.android
  • com.mfoundry.mb.android.mb_BMOH071025661
  • com.bbt.cmol
  • com.sovereign.santander
  • com.mtb.mbanking.sc.retail.prod
  • com.fi9293.godough
  • com.circle.android
  • com.coinbase.android
  • com.walmart.android
  • com.bestbuy.android
  • com.gyft.android
  • com.commbank.netbank
  • org.westpac.bank
  • au.com.nab.mobile
  • org.stgeorge.bank
  • com.facebook.katana
  • com.moneybookers.skrillpayments
  • com.westernunion.android.mtapp
  • au.com.ingdirect.android
  • au.com.bankwest.mobile
  • org.banksa.bank
  • com.ebay.mobile
  • com.ebay.gumtree.au
  • com.anz.android.gomoney
  • com.anz.android

Click here to read Zscaler’s full report.

Zscaler also notes that this current variant of Marcher can bypass most Android antivirus programs so extreme vigilance is required.

Protect yourself against Marcher

As always, to protect yourself against Marcher and other Android malware, the best practice is to avoid downloading and installing apps from “Unknown Sources.” Only download apps from the official Google Play app store and make sure you check user reviews, too, before installing.

Second, be careful with links and websites you visit. Drive-by malware downloads could happen anytime without you knowing it. Don’t grant any system permissions to prompts coming from unknown sources.

And lastly, always be careful. As seen with this new Marcher malware tactic, things are sometimes not what they seem.

For more news and security tips from America’s digital tech expert, Kim Komando, visit komando.com.

More must-read stories:

Watch out! Travel rental scams on the rise

Facebook introducing security feature that’s absolutely essential

If your phone rings then stops, don’t call back – It’s a scam

Article source: https://www.komando.com/happening-now/405540/lookout-for-phishing-malware-posing-as-adobe-flash-update




Lookout for phishing malware posing as Adobe Flash update

Fraud Alert:

The foremost Android malware has evolved yet again and this time it is masquerading as another update for a plugin that is still widely used to this day.It's the latest variant of a long line of disguises this tricky Android malware has assumed since … [Continue reading]




Norwegians Collect Money to Fix Penis-Shaped Rock Formation

Fraud Alert:

HELSINKI (AP) — Activists are collecting money to repair a penis-shaped rock formation in southern Norway after the popular tourist attraction was found badly damaged. Joggers discovered Saturday that the Trollpikken rock formation had cracked and … [Continue reading]




'Most hated man' Martin Shkreli faces US fraud trial

Fraud Alert:

Today's Fraud News from around the world: 'Most hated man' Martin Shkreli faces US fraud trial: Tonight (AEST), the 34-year-old New Yorker, the son of Albanian immigrants who worked as janitors, is due in court in Brooklyn to contest … [Continue reading]




Court interpreter in Court for corruption

Fraud Alert:

McAnderson Doctor, working as a Court interpreter at Galeshewe Court for the Department of Justice, appeared on Thursday, 22 June 2017 at Kimberley Magistrates Court on two charges of corruption and defeating the ends of justice. He was arrested on … [Continue reading]




Breach at UK.gov’s Cyber Essentials scheme exposes users to …

Fraud Alert:

Updated The operation behind the UK government's Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme's badges are required by suppliers bidding for … [Continue reading]




Fake Amber Alert: Plate 72B 381

Fraud Alert:

CLAIM An Amber Alert was issued for three-year-old girl taken by man in a grey car. FALSE RATING FALSE ORIGIN … [Continue reading]




Husband-snatching actress in fraud saga

Fraud Alert:

Today's Fraud News from around the world: Husband-snatching actress in fraud saga: Not many people really know much about her until a few months ago, when she was accused by a popular actress of snatching her husband.: Google Alert - Fraud … [Continue reading]




Beware of phishing emails from fake courier companies: SingCERT

Fraud Alert:

SINGAPORE: It may look like a legitimate email from "DHL Express", but click on the attachment and a malicious code would be downloaded onto the recipient's device, infecting it with malware. Reports of such phishing emails from fake logistics … [Continue reading]




Did 5.7 Million ‘Illegal Immigrants’ Vote in the 2008 U.S. Election?

Fraud Alert:

CLAIM Credible evidence suggests that 5.7 million illegal immigrants might have voted in the 2008 election. FALSE RATING … [Continue reading]




Did 5.7 Million ‘Illegal Immigrants’ Vote in the 2008 U.S. Election?

Fraud Alert:

CLAIM Credible evidence suggests that 5.7 million illegal immigrants might have voted in the 2008 election. FALSE RATING … [Continue reading]




Free CLE – Representing Clients in Real Estate Fraud Matters

Fraud Alert:

Today's Fraud News from around the world: Free CLE – Representing Clients in Real Estate Fraud Matters: Free CLE – Representing Clients in Real Estate Fraud Matters. June 29, 2017, 5:30 pm - 7:00 pm. Bet Tzedek 3250 Wilshire Blvd., 13th Floor: … [Continue reading]




RUN SHAREHOLDER ALERT: The Law Offices of Vincent Wong …

Fraud Alert:

NEW YORK, June 22, 2017 (GLOBE NEWSWIRE) -- The Law Offices of Vincent Wong announce that a class action lawsuit has been commenced in the United States District Court for the Northern District of California on behalf of investors who purchased … [Continue reading]




Too smart to fall for a spear-phishing message? Think again

Fraud Alert:

Let's face it, phishing attacks—where cybercriminals disguise their malware-laced digital messages to give the appearance of official communiqués—are way more successful than anyone would like. Verizon's 2017 Data Breach Investigations Report … [Continue reading]