The number of organizations whose customers are targeted by the Android banking Trojan known as “Marcher” has increased considerably over the past period, but PhishLabs researchers said the latest samples they have analyzed don’t target the United States.
Marcher, a threat offered on Russian underground forums since late 2013, currently retails for roughly $5,000. The malware initially focused on banks in Germany, but the list of targets was later expanded to include France, Poland, Turkey, the United States, Australia, Spain, Austria and others.
IBM Security reported in early June that nine major banks in the United Kingdom had also been added to the list of targets. Samples analyzed by PhishLabs this month target the customers of 66 companies, including 62 banks, Google email services and PayPal.
IBM reported earlier this month that the United States was the sixth most targeted country, but PhishLabs said on Thursday that the latest Marcher samples it has analyzed don’t target the U.S.
“Because the malware can be customized for each individual actor, it is possible that other Marcher samples may include different targets and regions. Expanded targeting seems likely in future based upon this capability,” PhishLabs researchers explained.