Acecard malware targeting information from Android users

Acecard malware targeting information from Android users
Source: KFDA
Source: KFDA
Source: KFDA
Source: KFDA
Source: KFDA
Source: KFDA

AMARILLO, TX (KFDA) - A damaging virus could be taking private information from your cell phone without you even knowing it.

Acecard Trojan is targeting information from dozens of apps on Android phones.

It's being described as one of the most dangerous banking Trojans ever seen by the international organization Kaspersky Lab's Anti-malware Research Team.

Acecard takes the login screen for several banking and social media apps on Androids, then overlays that screen with its own identical login commands.

"It has an overlay on there to where you put in your user name and password," said Jeremy Montieth, IT Director at Amarillo National Bank. "It pretty much captures that information and utilizes it down the road, then they can see what you're looking at on any app."

The virus can bypass security measures in the Google Play Store and has affected around 50 financial and banking apps.

Kaspersky reported these as some of the other apps Acecard can overlay:

  • IM services: WhatsApp, Viber, Instagram, Skype
  • Social networks: Facebook, Twitter
  • The Gmail client
  • The PayPal mobile app
  • Google Play and Google Music applications.

"The Google Play Store gives the user the freedom to be able to download pretty much what they want," said Montieth. "However, with that freedom, the bad guys have that same freedom to create whatever they want."

Once Acecard knows your user name and password, they can view your banking statements and use that information to solicit even more private data.

"A lot of times when you use a user name, you use that on different apps," said Montieth. "So then they have access to your other apps."

While there is no guaranteed way to block out ever-evolving malware, there are some steps Android users can use to protect their phones:

  • Install a firewall or anti-virus software on your phone
  • Constantly update your phone's apps and operating system
  • Put a pass code on your phone
  • Monitor your bank statements to check for suspicious activity
  • Contact your bank if your statement seems off

"When it comes to people's money," said Montieth, "there are no dumb questions."

Copyright 2016 KFDA. All rights reserved.