Dubbed SpyDealer as like "Marcher" ,The Trojan is capable of gathering the information from user phone(Android) such as phone number , message , contact details and even call history.
Malware researchers at Palo Alto Networks have spotted a new Android Trojan, dubbed SpyDealer that can exfiltrate data from more than 40 applications, including WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk.
"The mobile malware only works Android versions from 2.2 up to 4.4 releases , that are the versions supported by the rooting tool."
Once installed, the malware doesn’t show an application icon, but registers “two broadcast receivers to listen for events related to the device booting up and network connection status.” At the first launch, the malware retrieves configuration information (from a local asset that can be remotely updated) such as the IP address of a remote command and control (C&C) server, the actions it can take on mobile networks, and the actions allowed under a Wi-Fi network.
If you see Marcher is more power power full Malware but it is target of the mobile banking APP .
Marcher" is malware targeting the Android platform. It is designed to steal mobile banking app credentials from customers of many different financial company.
Securify researchers explained about the malware: “Marcher is one of the few Android banking Trojans to use the AndroidProcesses library, which enables the application to obtain the name of the Android package that is currently running in the foreground.
Marcher has been around since late 2013, but it initially attempted to trick users into handing over their payment card details using Google Play phishing pages. In March 2014, the malware started targeting banks in Germany and, by the summer of 2016, there had already been more than 60 targeted organizations in the U.S., U.K., Australia, France, Poland, Turkey, Spain and other countries.
The malware has been disguised as various popular apps, including Netflix, WhatsApp and Super Mario Run.