Android banking and payment apps at risk from Acecard Trojan
A new Android banking Trojan is now bypassing Google Play security measures -- the Acecard Trojan is capable of attacking users of nearly 50 different online financial applications and services.
During the last quarter of 2015 researchers at Kaspersky Lab detected an unusual increase in the number of mobile banking attacks in Australia. The suspicious activity was discovered to be the result of a single banking Trojan called Acecard.
The company describes Acecard as one of the most dangerous Trojans it's ever seen. It uses almost every malware functionality currently available -- from stealing a bank's text and voice messages to overlaying official app windows with false messages that simulate the official login page in an attempt to steal personal information and account details. The most recent versions of the Acecard family can attack the client applications of some 30 banks and payment systems. Considering that these Trojans are capable of overlaying any application on command, the overall number of attacked financial applications may be much higher.
Acecard is also able to overlay phishing windows on other applications including IM services WhatsApp, Viber, Instagram and Skype, social networks including Facebook and Twitter, the Gmail client, Google Play and Music, and the PayPal mobile app.
"This cybercriminal group uses virtually every available method to propagate the banking Trojan Acecard. It can be distributed under the guise of another program, via official app stores, or via other Trojans. The combination of Acecard's capabilities and methods of propagation make this mobile banker one of the most dangerous threats to users today," says Roman Unuchek Senior Malware Analyst at Kaspersky Lab USA.
Kaspersky Lab experts believe that Acecard was created by the same group of cybercriminals that was responsible for the first TOR Trojan for Android and the first mobile encryptor/ransomware. The reasoning for this is based on similar code lines and the use of the same command and control servers.
To prevent infection by Acecard, Kaspersky recommends not downloading applications you don't trust, not clicking suspicious links, installing a reputable security application and keeping it up to date.
You can find more details on the Securelist blog.