Acecard has been labeled as one of the most dangerous Android banking Trojans known today
Android users might be the target of a dangerous banking Trojan, named Acecard (aka Torec, due to the use of Tor to communicate with the control server), that asks them to send a selfie holding their ID card. At the moment, this has been detected only in Hong Kong and Singapore.
Targeted apps
- com.android.vending
- com.google.android.music
- com.google.android.videos
- com.google.android.play.games
- com.google.android.apps.books
- com.whatsapp
- com.viber.voip
- com.dropbox.android
- com.tencent.mm
- jp.naver.line.android
The McAfee Labs Mobile Research Team explains that, like most Android banking Trojans, this threat tricks users into installing the malware by pretending to be an adult video app or a codec/plug-in necessary to see a specific video.
The moment the user runs the app, it hides itself from the home launcher and then asks for device administrator privileges, in an attempt to make its removal difficult and tedious.
While the malware runs in the background, it is said to constantly monitor the opening of specific apps so that it can show the user its main phishing overlay, which pretends to be Google Play and asks for a credit card number.
Once the number is validated, the phishing overlay asks for highly personal information such as the cardholder's name, date of birth, phone number, credit card expiration date and CCV as well. The advanced malware goes to the extent of asking for a second factor of authentication too. The final step is, of course, asking for a selfie with the user holding their identity card.
The exploit kit GM Bot, whose source code was leaked in February this year, is believed to be the reason behind this Trojan.
McAfee Mobile Security detects this threat as Android/Torec and alerts mobile users if it is present, while protecting them from any data loss.
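The device administrator request and the list of watched apps described above are two signals that can be checked statically during app triage. The following is an added example, not code from McAfee or the original post: a Python heuristic over a decoded AndroidManifest.xml and a list of strings extracted from the app. The sample manifest, the package name `com.example.videocodec`, the sample strings and the two-hit threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET
ANDROID = "{http://schemas.android.com/apk/res/android}"
# Package names the article lists as the apps the Trojan watches for.
TARGETED = {
    "com.android.vending", "com.google.android.music",
    "com.google.android.videos", "com.google.android.play.games",
    "com.google.android.apps.books", "com.whatsapp", "com.viber.voip",
    "com.dropbox.android", "com.tencent.mm", "jp.naver.line.android",
}

def requests_device_admin(root):
    """True if a <receiver> is guarded by BIND_DEVICE_ADMIN and handles
    DEVICE_ADMIN_ENABLED, which is how an app declares a device admin."""
    for rcv in root.iter("receiver"):
        if rcv.get(ANDROID + "permission") != "android.permission.BIND_DEVICE_ADMIN":
            continue
        actions = {a.get(ANDROID + "name") for a in rcv.iter("action")}
        if "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
            return True
    return False

def triage(manifest_xml, app_strings, min_targets=2):
    """Flag an app that declares a device admin AND embeds several of the
    watched package names. One hit alone is common in benign apps (for
    example a link to the Play Store), hence the assumed threshold."""
    root = ET.fromstring(manifest_xml)
    own = root.get("package")  # an app naming itself is not a signal
    watched = sorted(TARGETED.intersection(app_strings) - {own})
    admin = requests_device_admin(root)
    return {"device_admin": admin, "watched": watched,
            "flag": admin and len(watched) >= min_targets}

# Constructed sample: decoded manifest of a made-up "codec" app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.videocodec">
  <application>
    <receiver android:name=".Adm"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
# Constructed sample: strings pulled from the same made-up app's code.
SAMPLE_STRINGS = ["com.whatsapp", "com.android.vending", "com.viber.voip", "Loading..."]
if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```

A flag from this heuristic marks an app for manual review; legitimate device-management agents also declare a device admin receiver, which is why both signals are required.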