Android-targeting banking Trojan Marcher is on the rise, infecting devices via a phishing attack using SMS/MMS, gaining extensive privileges, displaying an overlay window to your banking app and collecting all your data, all the while successfully avoiding your antivirus apps.

It all starts with a phishing attack using SMS or MMS, with the messages including a link leading to a fake version of a popular app, such as WhatsApp, Runtastic or Netflix, to name a few. The link, however, doesn’t lead you to the good old Google Play Store, which is safe for the most part, but to a third-party app store. Of course, this doesn’t work if you don’t have the option selected from your phone’s security settings.

One of the most important pieces of advice on cybersecurity is that you should never input logins, passwords, credit card information, and so forth, if you think the page URL looks weird. Weird links are sometimes a sign of danger. If you see, say, fasebook.com instead of facebook.com, that link is weird.

But what if the fake Web page is hosted on the legitimate page? It turns out this scenario is actually plausible — and the bad guys don’t even need to hack the server that hosts the target page. Let’s examine how it works. The trick here is in the way our normal-looking Web page addresses are an add-on to real the IP addresses the Internet works with.

Devices running Android are being targeted by a new version of the Tordow malware, which was originally discovered earlier this year and attempts to obtain root privileges to perform a series of actions, such as stealing passwords.

Tordow 2.0 is primarily a mobile banking Android Trojan that attempts to root the device in order to get full control and then perform a series of tasks that include the following: make phone calls, control SMS messages, steal login credentials, access contacts, encrypt files, visit webpages, manipulate banking data, remove security software, reboot a device, rename files, and act as ransomware.

The current generation of Android banking trojans are all equipped with ransomware-like features in order to lock the user's device. Despite possessing such dangerous functions, very few Android banking trojans deploy them, focusing on their primary job of collecting login credentials for banking portals and instant messaging applications.

Nevertheless, when the ransomware feature is activated, the crooks behind the banking trojan do it for a very good reason. In most cases, the trojan's ransomware feature is used as a secondary monetization feature, activated on devices where the original banking trojan has failed to collect login credentials or credit card details.

Here's some bad news for Android users again. Certain low-cost Android smartphones and tablets are shipped with malicious firmware, which covertly gathers data about the infected devices, displays advertisements on top of running applications and downloads unwanted APK files on the victim's devices.

Security researchers have discovered two types of downloader Trojans that have been incorporated in the firmware of a large number of popular Android devices operating on the MediaTek platform, which are mostly marketed in Russia. The Trojans are capable of collecting data about the infected devices, contacting their command-and-control servers.

A new kind of malware attack is looking to turn victims into hackers by making them pass the infection on to someone else. This is a new, inventive and a particularly mean kind of attack, and it is sure to put some people in a tricky position.

Unless, of course, they heed the warnings of the security community, which got to this before we did. If they did, they would have already installed the applicable AV software and all that noise. In the meantime, the security firm that put us onto this is called MalwareHunterTeam, and it does not seem to be selling us anything. The ransom note is very revealing.

If you don’t go to suspicious sites, malware can’t get you — right? Well, no. Even those who do not open unreliable e-mail attachments, avoid porn sites, and do not install apps from unofficial stores are not well-enough protected.

New developments suggest that malware can be found even on an absolutely legitimate site, as 318,000 thousand Android users found out when their Android devices were attacked by the Svpeng.q banking Trojan from Google AdSense advertisements. Google AdSense is the biggest ad network in the world, so a lot of criminals dream about finding a way to use the network to spread their malicious programs worldwide.

It's been more than two years since the existence of the Ghost Push mobile Trojan was made public – but millions of devices are still vulnerable.

The Trojan infected up to 600,000 Android smartphone and tablet users per day at its peak. The malware runs a malicious DEX file after installation, an Android program executable, to root victim devices and run malicious processes on startup. Ghost Push is also able to install unwanted apps and programs, display adverts, spy on users, and steal personal information. The Trojan also pushes ads in the Android notification bar to trick users into paying for additional services," such as porn or other third-party software.

Why do I need to read this? This article will help you to protect the money in your bank account. Mobile banking Trojans — what are they? Every smartphone is a compact computer equipped with its own operating system and software, and so, just like PCs, smartphones are targeted by malware. 

Mobile banking Trojans are one of the most dangerous species in the malware world: They steal money from mobile users’ bank accounts. Who is at risk? People who own gadgets and use banking apps or buy something using application stores or in-app purchases. Android users run the highest risk of being attacked by mobile banking Trojans.

While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification methods.

Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card, according to a blog post published by McAfee. The Trojan is the most recent version of Acecard that has been labeled as one of the most dangerous Android banking Trojans known today.