Acecard is an Android Banking Trojan that can substitute a legitimate mobile banking application’s online form with one of its own, stealing financial information from unsuspecting users. Once captured, the user’s financial data is transmitted to cyber-criminals who either directly steal the funds or sell the information on the black market.
So far, over 6,000 users have been compromised and the assaults are increasing. Click here to read Kaspersky Lab’s article on Acecard.
This Trojan is different
Kaspersky Lab points out that this particular Trojan has the ability to substitute its own bogus forms for about 30 different banking payment systems. Additionally, Acecard has a large attack vector—it not only attacks banking platforms, but it is also used in phishing attacks on social networks, instant messengers, PayPal apps, the Gmail client, Google Play Store and Google Play Music.
According to Kaspersky, this Trojan disguises itself as an Adobe Flash mobile download. However, you should note that Adobe Flash for Android was discontinued in 2012.
- Don’t download any mobile app that includes Adobe Flash by itself or as part of the package.
- Limit the mobile apps on your smartphone. If you don’t need it—don’t download it.
- For those apps you do use, know what permissions you are granting it before downloading. If they don’t seem in line with what the app supposedly does, avoid it like the plague!
- Even though Acecard uses the Google Play Store as one of its distribution channels, be extra wary of downloading anything from non-official stores where malware dangers multiply.
- Use a good mobile security solution and keep it updated.
Criminals know that cell phones are a way of life. You may forget many things when you leave home, but most people will never forget their smartphone and as you can see, cyber-criminals are ready to take full advantage. Make sure you’re prepared.
Joseph Imperato Sr. is the Managing Partner for XSolutions Consulting Services, a Managed Services Provider (MSP) delivering Computer Support, Business Continuity, Cloud Services, and IT Consulting to New York, New Jersey, and Connecticut businesses. Call us at (845) 362-9675 and see how we can help your company.