Acecard: A banking malware posing a threat to Android users

IT security researchers at Kaspersky Lab have detected and analyzed a banking Trojan thought to be one of the most dangerous ever seen on Android application platforms.

This malware, known as Acecard, can attack users of around fifty apps and online payment services available to download from Google Play. It is reportedly able to bypass the security measures imposed by the app store.

A full range of functionality

This malware is equipped with the malware features currently available, allowing it to steal users’ personal and banking details. For example, it can capture a bank’s text and voice messages and can also display a login form, overlaid on a genuine app, in an attempt to steal credit card details as well as usernames and passwords.

Screenshot of an app infected by the Acecard malware

Phishing on other types of applications

Acecard is not limited to banking apps and can apply the overlaid window principle to a large number of app families, such as:

  • WhatsApp, Viber, Instagram, Skype
  • Facebook, Twitter, VKontakte
  • eM Client for Gmail
  • PayPal Mobile App

This feature makes the Trojan extremely dangerous because it could well affect a considerable number of apps.

The malware steals private information by faking a login form

Google Play as an infection vector

Users infected by this malware will usually have downloaded and installed an app that copies every feature of the visual identity of a genuine program. Malware of the Acecard family has previously been detected under the names Flash Player and PornVideo. In December 2015, Kaspersky Lab confirmed that the Trojan could spread by means of a game in Google Play.

This case is a useful reminder that the volume of malware targeting mobile device users tripled between 2014 and 2015. Thus, smartphones are increasingly vulnerable to attacks from malware with features similar to those which affect computers. Some hackers are even able to deploy ransomware that encrypts a phone’s contents and then demands a ransom of a hundred euros.