Programmatic Lunch

Kaspersky Warns of 'One of the Most Dangerous' Android Trojans Yet

Andy Penfold

Internet security firm Kaspersky says it has detected one of the most serious Android security threats to date.

The Acecard malware is capable of attacking users of nearly 50 online financial applications and services, and has so far evaded Google's Play Store security measures.

As well as banking and financial apps, Acecard has been able to overlay phishing windows over popular apps such as WhatsApp, Viber, Instagram and Skype, as well as Facebook, Twitter, PayPal, Gmail, Google Play and Google Music.

Kaspersky says the Acecard Trojan family uses almost all of the malware functionality currently available – such as stealing a bank’s text and voice messages, and overlaying official app windows with phishing messages.

The company says the Trojan first emerged in 2014, with very little activity. Since then, it has seen 10 new versions, each with more malicious code than the last.

Roman Unuchek, senior malware analyst at Kaspersky Lab USA, says the Trojan is likely to have come from the same Russian-speaking cyber-criminal gang as previous Android security threats. “This cybercriminal group uses virtually every available method to propagate the banking Trojan Acecard," he says.

"It can be distributed under the guise of another program, via official app stores, or via other Trojans. A distinctive feature of this malware is that it’s capable of overlaying more than 30 banking and payment systems as well as social media, instant messaging and other apps. The combination of Acecard’s capabilities and methods of propagation make this mobile banker one of the most dangerous threats to users today.”