Acecard

Acecard is a banking Trojan affecting Android devices. The malware is most commonly distributed by disguising itself as other apps; however, it has also been seen distributed through the Google Play store. Acecard is capable of putting an overlay on top of almost 30 different banking sites, stealing the user’s information when entered. This information can be used to directly deposit money into the attacker's bank account. In addition to banking sites, the malware can put overlays on many social media sites such as Facebook or Twitter, messenger apps such as WhatsApp or Skype, the PayPal app, and the Gmail client. This sensitive data can also be sold to a third party once stolen. Based on recorded attacks from 2015, users from Russia, Australia, and Germany are most at risk; however, there have been reported cases in the US.

Reporting

  • October 2016: A new variant of Acecard requests Android users to take “selfies” with an identification card or document for authentication purposes. (McAfee)
     
  • August 2016: Acecard malware surpassed the Marcher malware as the most popular threat in Australia. (SecureList)
     
  • February 2016: Acecard was being propagated through the Google Play store. (Kaspersky)

Technical details

  • Kaspersky Lab provides more technical details on Acecard, available here.
 

One example of the Acecard variant. Image Source: Kaspersky Lab