Cape Town – Android mobile banking customers have to be wary of new malicious software capable of attacking online financial services, warns a security company.
Kaspersky Lab has warned that Acecard malware is able to bypass Google’s Play store security controls and trick users into downloading it.
“Mobile devices were usually infected after downloading a malicious application masquerading as a legitimate one. Acecard versions are typically distributed as Flash Player or PornoVideo, although other names are sometimes used in a bid to imitate useful and popular software,” Kaspersky said in a statement.
While the Trojan first made its appearance in 2014, Kaspersky noted a spike in late 2015 with 6 000 attacks as cyber authors developed up to 10 new versions of the malware.
It works by overlaying applications like Facebook, Gmail, WhatsApp and Skype with fake windows in order to steal login information and account details.
“A distinctive feature of this malware is that it’s capable of overlaying more than 30 banking and payment systems as well as social media, instant messaging and other apps,” said Roman Unuchek senior malware analyst at Kaspersky Lab US.
“The combination of Acecard’s capabilities and methods of propagation make this mobile banker one of the most dangerous threats to users today,” he warned.
Kaspersky believes that the code of the malware is similar enough to malware like TOR Trojan for Android Backdoor.AndroidOS.Torec.a and ransomware Trojan-Ransom.AndroidOS.Pletor.a that it indicates similar authorship.
“This cyber criminal group uses virtually every available method to propagate the banking Trojan Acecard. It can be distributed under the guise of another programme, via official app stores, or via other Trojans,” Unuchek said.
Kaspersky Lab advised Android users to avoid suspicious web pages and download links.
- Follow Duncan on Twitter