The Acecard Android Trojan is a threat that has been around for quite some time.
Its main goal is to collect login credentials used by the victims to access their online banking, payment, email or social media accounts, and it does so by detecting when a legitimate mobile app is opened and overlaying screens over it, asking for information to be entered in them.
The amount and types of information the Trojan is after is constantly changing. One of the latest malware variants goes as far as asking victims to share their passport or ID number, photos of a document that proves their identity, and even a selfie in which they are pictured with the aforementioned document.
Hopefully not many users will fall for this scheme, but some that are not that tech-savvy will.
Criminals that manage to get their hands on these photos can use them to gain access to victims’ accounts, as they are a means to confirm a victim’s identity. In fact, many identity theft schemes can be perpetrated with the help of these photos.
“Like most Android banking Trojans, this threat also tricks users into installing the malware by pretending to be an adult video app or a codec/plug-in necessary to see a specific video,” the researchers warn.
Once installed, the malware will repeatedly ask victims for device administrator privileges.
The Acecard Trojan has been previously been spotted in trojanized apps on Google Play.
Aside from the customized screen overlay (phishing) capability, it is also able to install additional apps, intercepting and sending SMS messages, forwarding phone calls, and more.