Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 03:31:16 UTC
Home > List all groups > List all tools > List all groups using tool Marcher
 Tool: Marcher
Names Marcher
Category Malware
Type Banking trojan, Credential stealer
Description
(ZScaler) Upon infection, Marcher would inspect the victim’s device and send a list of all installed
apps to its command and control (C&C) server. If the malware found any German financial apps
installed in the device, it would show a fake page asking for credentials of that particular institution.
Unaware that the login page is a fake, the victim would provide their credentials where they would
then be sent to the malware’s C&C. The malware would also show a fake Google Play payment page
if the infected device did not have any German financial firm apps.
Information
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool Marcher
Changed Name Country Observed
Unknown groups
 _[ Interesting malware not linked to an actor yet ]_
1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7edce969-8cb1-410a-abb1-1612803b3e35
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7edce969-8cb1-410a-abb1-1612803b3e35
Page 1 of 1