Home > Cyber News > Would You Take a Selfie for Acecard Android Trojan?

Would You Take a Selfie for Acecard Android Trojan?


The Acecard Android Trojan has been around for quite some time. We wrote about Acecard in February this year, but in fact the malware has been attacking devices since 2014, when it was first detected. Back in February,
the Trojan was specifically targeting multiple banks.

Related: Acecard, Android Trojan and Phishing Tool Targets Over 30 Banks

Acecard is currently being deployed in new attacks, and that’s quite unfortunate considering that it’s one of the worst Android malware pieces today.

Acecard’s Latest Campaign Targets Users in Singapore and Hong Kong

Apparently, the latest version of the malware is hidden inside different apps masqueraded as Adobe Flash Player, pornographic apps, and video codecs, McAfee researchers report. The apps are distributed outside of Google Play Store and are persistently annoying users with permission requirement screens until admin rights are achieved.

As soon as the malicious app is executed by the user, it hides the icon from the home launcher and constantly asks for device administrator privileges to make its removal difficult.

When it is running in the background, the malware constantly monitors the opening of specific apps to show the user its main phishing overlay, pretending to be Google Play and asking for a credit card number.

Once the credit card number is validated, the next phishing overlay asks for more personal and credit card information such as cardholder name, date of birth, phone number, credit card expiration date, and CCV.

Finally, Acecard will prompt the user to take a picture of the front and back side of his ID card. Then, the user is asked to hold the ID in his hand and take a selfie. Why is this done?

[This is] very useful for a cybercriminal to confirm a victim’s identity and access not only to banking accounts, but probably also even social networks.

Thanks to this smart but quite vicious tactic the attacker can verify illegal transactions or even confirm he’s the owner of hijacker social media profiles. No wonder that the Trojan also collects credentials for social media apps like Facebook, WhatsApp, WeChat, Viber, and other apps like Dropbox and Google Videos.

The updated Trojan is mostly successful with less tech-savvy users that haven’t used smartphones and aren’t aware of the normal behavior of an app.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share