The Acecard Trojan, capable of attacking nearly 30 banking and payment Android mobile apps, was detected by Kaspersky Lab’s Anti-malware research team. According to a statement released by Kaspersky, the Trojan is able to bypass Google Play Store’s security measures, and the company has termed it potentially dangerous.
The Acecard Trojan was originally discovered in Q3 2015, when Kaspersky Lab experts detected a rapid spike in attacks on mobile banking apps, with more than 6000 users affected by the Trojan in Russia, Australia, Germany, Austria, and France. However, researchers predicted its presence as early as 2014, when it showed no signs of abnormal activity.
While the Acecard Trojan can steal the content of a bank’s text and voice messages, it can also hijack the user interface of the official app with false messages, which may look real to the user. Moreover, the Trojan will simulate the official login page in an attempt to capture personal information and account details.
Even though Kaspersky has detected the presence of Acecard malware in 30 banks and payment systems, the number is expected to rise with the increase in new mobile-based payment apps.
In addition to banking apps, Acecard can overlay WhatsApp, Viber, Instagram, Skype, VKontakte, Odnoklassniki, Facebook, Twitter, Gmail, PayPal, Google Play and Music apps with phishing windows. As a user, you will not know whether your device has been infected until you run the latest version of antivirus software.
The Kaspersky Lab researchers have reported that more than ten different versions of the Acecard malware are currently available, with each version performing more advanced functions than the earlier ones.
Normally, a mobile device is infected by the Trojan when a user downloads a mobile application distributed as Flash Player or PornoVideo. These apps initially seem legitimate, but they turn out to be a nightmare for the user since they steal all vital data without the user’s knowledge. Moreover, your mobile device can also be infected via a popup window that appears during browsing.
A version of the malware, code-named Trojan-Downloader.AndroidOS.Acecard.b, was spotted on Google Play Store on December 28, 2015.
According to researchers, the Trojan also propagates via games, where the user will see an Adobe Flash Player icon on the desktop screen with no actual sign of the installed application. Once the device is infected, it will not be possible to remove the Trojan manually because the Apps page will not have an entry for the installed application.
When the code was inspected carefully, Kaspersky Lab experts came to the conclusion that Acecard was created by the same group of Russian-speaking cyber criminals that was responsible for the first TOR Trojan for Android, Backdoor.AndroidOS.Torec.a, and the first mobile encryptor/ransomware, Trojan-Ransom.AndroidOS.Pletor.a. This is because the source code uses the same methods and classes, including the use of the same C&C (command and control) servers.
The cyber criminal group makes use of all the available methods to propagate the banking Trojan Acecard, which can be via another program, official app stores or through other Trojans, adds Roman Unuchek, Senior Malware Analyst, Kaspersky Lab USA.
To prevent Acecard Trojan infection, Kaspersky Lab experts suggest that you should not download apps from Google Play Store if they are untrusted. Moreover, you should not install apps offered through links that you occasionally notice while navigating the web, and you should disregard popup ads.
Treating your mobile device like your computer, you should not only install reliable antivirus software available for mobile devices but also keep it up to date.