Thursday, February 25, 2016

One of the most dangerous viruses seen on Android discovered – Diario El País

The research team of computer security firm Kaspersky discovered a malicious program, or 'malware', as it is known in English, which the company describes as one of the most dangerous ever created to attack Android devices.

The Acecard malware is able to attack users of nearly 50 different applications and online financial services and can bypass the security measures of the Google Play Store. Its main goal is to steal passwords for banks, social networks and email accounts, among others.

The Acecard Trojan uses various ways to gain information from its victims, from stealing a bank's text and voice messages to overlaying the windows of official applications with false messages that simulate a legitimate login page, in an attempt to steal personal information and account details.

The latest versions of the Acecard family can attack the customer applications of about 30 banks and payment systems. Given that these Trojans are able to superimpose their message on any application, the total number of financial applications attacked may be much higher.

In addition to banking applications, Acecard can create misleading windows for IM services (WhatsApp, Viber, Instagram and Skype); social networks (VKontakte, Odnoklassniki, Facebook and Twitter); the Gmail client; the PayPal mobile app; and the Google Play and Google Music applications.

The Trojan superimposes false windows when the user accesses legitimate applications. Photo taken from the Kaspersky blog.

This malicious program was first detected in February 2014, but over a long period it showed no signs of activity.

In 2015, researchers at Kaspersky Lab detected a rise in attacks: in the period from May to December 2015, more than 6,000 users were attacked with this Trojan. Most of them were in Russia, Australia, Germany, Austria and France. For now, no one has been affected in Colombia.

During the two years of observation, researchers at Kaspersky Lab witnessed the active development of this Trojan. More than ten new versions of the malicious program were recorded, each with a longer list of harmful functions than the previous one.

How is the infection spread?

Usually, mobile devices were infected after downloading a malicious application posing as a legitimate one. Acecard versions are normally distributed as Flash Player or PornoVideo, although sometimes other names are used in an attempt to imitate useful and popular programs.

But this is not the only way this 'malware' is distributed. On December 28, 2015, Kaspersky Lab detected a downloader version of the Acecard Trojan, TrojanDownloader.AndroidOS.Acecard.b, in the official Google Play store.

The Trojan made it to the official Android store. Photo taken from the official Kaspersky blog.

The Trojan spreads in the guise of a game. When the 'malware' is installed from Google Play, the user will only see an Adobe Flash Player icon on the desktop screen and no real sign of the installed application.

Looking in depth at the 'malware' code, Kaspersky Lab experts are inclined to think that Acecard was created by the same group of cybercriminals responsible for the first TOR Trojan for Android, Backdoor.AndroidOS.Torec.a, and the first mobile encryption 'ransomware', Trojan-Ransom.AndroidOS.Pletor.a.

The evidence for this is based on similar lines of code (method and class names) and the use of the same C&C (Command and Control) servers. This shows that Acecard was made by a powerful and experienced group of criminals, probably Russian-speaking.

“This cybercriminal group uses almost all available methods to propagate the banking Trojan Acecard. It can be distributed under the guise of another program, through the official application stores or through other Trojans. A distinctive feature of this program is that it is able to overlay more than 30 banking and payment systems, as well as social networking, instant messaging and other applications. The combination of Acecard's skills and methods of spreading makes this mobile banking Trojan one of the most dangerous threats for users today,” warned Roman Unuchek, an analyst at Kaspersky Lab.

How to prevent infection?

1. Do not download or install applications from Google Play or internal sources if they are untrusted or can be treated as such.
2. Do not visit suspicious websites with specific content or click on suspicious links.
3. Install a reliable security solution for mobile devices, such as Kaspersky Internet Security for Android.
4. Make sure that antivirus databases are up to date and working properly.
