The Acecard Android banking trojan, which has been around since 2014, is capable of attacking 50 separate online financial applications, bypass Google Play Store security and act as part of a phishing scam.

Not only can it attack banking apps, it can also overlay phishing scams on such sites as Facebook, Instagram, WhatsApp, and it can also do so with Gmail, PayPal's mobile app and Google Play and Music.

Roman Unuchek, senior malware analyst at Kaspersky Lab USA, said: “It can be distributed under the guise of another program, via official app stores, or via other Trojans. The combination of Acecard's capabilities and methods of propagation make this mobile banker one of the most dangerous threats users today."

Acecard's increase in activity started in June 2015. In October the malware was upgraded so it could attack the three largest U.S. banks.

Unuchek believes that the same gang that developed the first TOR trojan for the Android operating system, Backdoor.AndroidOS.Torec.a., is the same cybercriminals that developed Acecard.

“The evidence for this is based on similar code lines (names of methods and classes) and the use of the same Command and Control servers. This proves that Acecard was made by a powerful and experienced group of criminals, most likely Russian-speaking,” he said.

Source: SCmagazine