The banking trojan – Acecard
Acecard malware is continuously evolving. The first version of Acecard, an Android banking trojan, was detected in February 2014. Since then, the family has produced more than 10 new versions, each with a far longer list of malicious functions than the previous one.
Like most Android banking trojans, Acecard tricks users into installing the malware by pretending to be an adult video app or a codec/plug-in necessary to open a specific video. When the user runs the malicious app, it hides its icon from the home launcher and keeps asking for device administrator privileges to make its removal difficult. While the malware runs in the background, it monitors the opening of specific apps and then shows the user its main phishing overlay, which pretends to be Google Play and asks for a credit card number. Acecard can overlay the following popular mobile apps with phishing windows:
- IM services: WhatsApp, Viber, Instagram, Skype
- Social networks: Facebook, Twitter
- The Gmail client
- The PayPal mobile app
- Google Play and Google Music applications
Image 1: Overlay Phishing Windows from Acecard (Source from Kaspersky Lab)
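A defender-side triage sketch for the behaviours described above, added here as an example and not taken from the original article or from any vendor's tooling. It checks a decoded AndroidManifest.xml for a device-administrator receiver combined with overlay or foreground-app-monitoring permissions; mapping the behaviours to these manifest entries is a generic Android heuristic, not Acecard's confirmed manifest, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
FOREGROUND_WATCH = {"android.permission.GET_TASKS",
                    "android.permission.PACKAGE_USAGE_STATS"}

# Constructed sample manifests (decoded text XML); not taken from a real sample.
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.videocodec">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <application>
    <receiver android:name=".AdminRcv"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chathead">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application/>
</manifest>"""

def triage_manifest(xml_text):
    """Return the behaviour indicators declared in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    findings = []
    for rcv in root.iter("receiver"):
        actions = {a.get(NS + "name") for a in rcv.iter("action")}
        if (rcv.get(NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings.append("device_admin")   # can request admin rights
            break
    if "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        findings.append("overlay")            # can draw over other apps
    if perms & FOREGROUND_WATCH:
        findings.append("foreground_watch")   # can see which app is opened
    return findings

def needs_review(findings):
    """Flag device admin combined with overlay or foreground monitoring."""
    return "device_admin" in findings and len(findings) > 1

if __name__ == "__main__":
    for name, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        found = triage_manifest(doc)
        print(name, found, "REVIEW" if needs_review(found) else "ok")
```

Icon hiding happens at runtime and does not appear in the manifest, so this check covers only the declared capabilities; a hit is a reason to look closer, not a verdict.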
Recently, the McAfee Labs Mobile Research Team found a new variant of Acecard. Apart from requesting credit card information and second-factor authentication, this variant asks for a selfie with your identity document, which is very useful for a cybercriminal to confirm a victim’s identity and gain access not only to banking accounts but also to the victim’s social networks.
Image 2: Acecard asks for a selfie (Source from Kaspersky Lab)
Here are four tips for preventing phishing attacks on mobile devices.
- Practice good app hygiene by downloading apps only from trusted vendors in Google Play. Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources.
- Do not use public Wi-Fi networks to install and update Android apps.
- Use Android security apps to protect your devices and block the installation of malicious and unwanted apps, even if they come from Google Play.
- Make sure that antivirus databases are up to date.