Researchers Spotted Two New Android Banking Trojans Targeting Users in India


Security researchers discovered two new Android banking Trojans, named “Android.Marcher.C” and “Android.Asacub.T”, targeting users in India.

Researchers from Quick Heal Security Labs spotted the malware stealing confidential information from Android users in India.

The malware imitates popular social media and banking apps to gain administrative privileges on the infected device, which allows it to steal the user’s banking credentials.

“Quick Heal Security Labs has spotted two banking Trojan malware. These malware imitate some popular social and banking apps. While doing so, they gain access to some security permissions on the infected device which allow them to steal the user’s banking credentials. The malware are able to do this by displaying a fake window that asks for a debit/credit card number,” Quick Heal Security Labs said in its blog post.

The first malware poses as the Adobe Flash Player app to trick users and, if installed, asks for Device Administrator rights. It keeps asking for the permission until the user clicks the activate button.


The malware then hides its icon and, without the user’s permission, sends a text message containing the device ID to a premium-rate number.

The malware carries a list of apps it imitates, mostly social media, browsing, and banking apps. When the user opens any app on that list, the malware displays a fake overlay window asking for a debit/credit card number. The window keeps appearing until the user enters the banking credentials, blocking access to Google Play and the other apps on the list.

If the user enters the card number, the information is sent to a malicious server (hxxp://


The Android.Marcher.C malware is also capable of stealing any incoming message on the infected device and sending it to the malicious server.

The second malware, Android.Asacub.T, poses as an update app. If the user installs it, it asks the user to enable Google Play service. Once that is enabled, the malware hides the app icon.

“In the background, the malware keeps searching the mentioned app’s name on the list. If found, it shows a notification on behalf of the particular app and shows a similar login page and steals user’s credentials.”

The malware uses commands to steal the user’s personal information, such as contacts, messages, and location.

Always follow these basic steps to prevent your smartphone from infection:

  1. Always switch off “Allow installation from unknown sources” in the security settings, which restricts app downloads from third-party and anonymous sources.
  2. Don’t download attachments from unknown sources.
  3. Always use the Google Play Store to install apps; don’t use any third-party app stores.
  4. Download apps from verified developers and check their app rating and download counts before installing an app.
  5. Verify app permission before installing an app.
  6. Install the best and updated antivirus/anti-malware software which can detect and block these types of malware.
  7. Always keep Play Protect on.
  8. Always keep your device OS and apps up to date.
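
Step 5 can be made concrete for the behaviours reported above. The following is an added example, not code from Quick Heal or the original article: a Python check that reads a decoded AndroidManifest.xml and lists which of the described capabilities (Device Administrator rights, SMS sending and interception, access to contacts, messages and location) the app declares. It assumes the manifest has already been decoded to text XML; the two sample manifests and their package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"  # attribute namespace

# Behaviour reported in the article -> permission an app must declare for it.
BEHAVIOUR_PERMS = {
    "can send SMS (premium-rate text)": "android.permission.SEND_SMS",
    "can intercept incoming SMS": "android.permission.RECEIVE_SMS",
    "can read stored messages": "android.permission.READ_SMS",
    "can read contacts": "android.permission.READ_CONTACTS",
    "can read location": "android.permission.ACCESS_FINE_LOCATION",
}
DEVICE_ADMIN = "requests Device Administrator rights"

def triage_manifest(xml_text):
    """Return the article's behaviours that this decoded manifest makes possible."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = [label for label, perm in BEHAVIOUR_PERMS.items() if perm in requested]
    # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN.
    if any(r.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
           for r in root.iter("receiver")):
        findings.append(DEVICE_ADMIN)
    return findings

def needs_review(findings):
    """Device admin plus any SMS capability matches what is reported for Android.Marcher.C."""
    return DEVICE_ADMIN in findings and any("SMS" in f for f in findings)

# Constructed sample manifests (not taken from the real malware).
FAKE_PLAYER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
TORCH_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("fake player", FAKE_PLAYER), ("torch", TORCH_APP)):
        found = triage_manifest(xml_text)
        print(name, "REVIEW" if needs_review(found) else "ok", found)
```

A hit is a reason to look closer, not a verdict: legitimate messaging and device-management apps declare some of the same permissions.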
