Criminals have applied a fresh coat of paint to an old but dangerous Android malware campaign targeting consumers in countries including Australia over SMS.

The Marcher malware first appeared in 2013 targeting Russian users. Since then it has matured and now targets victims in multiple countries, including Australia.

Marcher is sent through messages that make various claims including masquerading as Telstra, a major Australian bank, or an energy company. These ruses are whatever the criminals think may work.

We have seen since November malicious SMS messages from Marcher asking recipients to install applications after they browse to a malicious site. The website will attempt to download an application installation file (.apk) containing Marcher if it determines the victim is operating an Android device.

Apple iPhone users are not exposed.

One type of Marcher installation instructions as part of a cyber security breach
One type of Marcher installation instructions. Credit: zscaler

Modern Android phones will protect victims by throwing up warning messages which victims must approve for the malware to be installed.

Marcher, if granted the approvals it requests such as installation from unknown sources, can replace online banking forms to steal any information the victim is tricked into entering. Using this and many other advanced techniques, it can steal large amounts of money from victim bank accounts.

You can protect yourself against Marcher, and large swathes of other malware forms like it, by adopting a security mindset.

Here are some tips from Telstra security experts for you to consider. Apply these on all devices you use, for email, SMS, and any other digital communication medium you use.

Regarding protections and best practices:

  • Never click on links sent to you in unexpected SMS or MMS messages;
  • If you do inadvertently click, never install any software that you may be prompted to install;
  • Ensure your mobile device is fully updated to the latest version of its operating system;
  • For Android, do not enable the ability to install software from third party or unknown sources (Settings -> Security)

Generic remediation instructions:

Mitigation and remediation options Resources
Remove malware application IOS


Factory reset

(this will wipe local phone data)