Mobile Banking Trojan Acecard – All You Need to Know About a New Threat

The smartphone has a wide range of functions. Despite its main feature of being a phone, this gadget allows you to listen to the music, read, surf the Internet, pay bills, work with documents, etc. A huge part of personal and business life of our contemporaries is tied to this smart device. Realizing this, the hackers began to concentrate their efforts on creating mobile malware programs. Many of them have already been discovered: Android.BankosyAsacubFacetoken… Yet, we haven’t seen such a powerful and multi-functional mobile banking Trojan as the Acecard.

Though, Acecard didn’t become so strong in a moment. The first “harmless” version of this virus appeared in early 2014. At that time, it did not perform any harmful actions. It just infected the smartphones – absolutely inconspicuously for the users. It took one and a half years for the Acecard to turn into a full-fledged threat. After growing in strength in May 2015, Trojan took to serious attacks. Today, it has about 10 types, each of which is strong and dangerous. Acecard actions are not localized in one country. It has already been spotted in Germany, France, Australia, Russia, and Austria.

Mobile banking Trojan Acecard can imitate over 50 applications of banks and payment systems, chat rooms (including Viber, WhatsApp, Skype), PayPal and Gmail.

Some experts name the Acecard the most serious today’s threat to mobile data protection. And this opinion appeared not without the reason. The mobile banking Trojan Acecard is able to bring a smartphone owner a lot of troubles in many different areas.

Its main “specialization” is phishing – the substitution of different sites and services. The range of the websites and apps it can substitute is wide. Over 50 financial applications of banks and payment systems, chat rooms (including Viber, WhatsApp, and Skype), and even such “monsters” as PayPal and Gmail, where data protection has always been considered a strong point. Besides, the virus can steal any information – from the SMS to the credit cards data. It can redirect the calls, “replace” a bunch of applications and even install new ones (for example, cryptowares) on the infected device. The mobile banking Trojan Acecard may also block the window of any application itself and demand a ransom for returning functionality to the smartphone.

The virus can steal any information – from the SMS to the credit cards data. It can redirect the calls, “replace” a bunch of applications and even install new ones (for example, cryptowares) on the infected device.

Usually, Trojan viruses are sent in the form of phishing emails or spam. Acecard differs even here: it can disguise itself as the important system applications. Not so long ago it put on a mask of the Adobe Flash Player. Regular users who are not IT-specialists didn’t know the production of this player for Android was stopped in 2012 and the hackers took advantage of it. As a result, those who have downloaded the fake Flash Player on the smartphone received a mobile banking Trojan and a player icon on the desktop instead.

How to protect yourself against the Acecard

If the Acecard has already infected the device, it is difficult to do something with it. The only thing you can do to protect yourself against this mobile banking Trojan is simply to prevent the infection. You can do it the next way:

  1. Be careful when installing the program. Check whether the application really exists (search for information about the official version) in order not to get in a situation like that one with the Adobe Flash Player. Who knows what software the hackers will use the next time to disguise the Trojan?
  2. Do not download applications from the untrusted sources. Yet, the official store is also not a guarantee of safety in the case of this malware. Acecard creators have even learned to bypass the Google Play protection. There has been a separate Trojan that used Google’s app store to download the Acecard disguised as the smartphone game.
  3. Install a constantly updating powerful antivirus able to detect Acecard-like new threats.

Banking institutions and payment system in their turn should take care of the extra level of protection against phishing and interception of the one-time password delivered via SMS or voice calls. As well as complete their systems of multi-factor authentication with an additional function – data signature CWYS (Confirm What You See). Learn more about this function here.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Author: Denis Shokotko

Once upon a time, in a small town there lived a boy named little Denis. As years went by and the boy grew up, his interest in everything new and unknown grew, too. Denis was particularly interested in information technologies. And, his feelings were reciprocated. His new hobby was so fascinating that he decided to devote the rest of his life to it. Soon after that, he developed his first software program, then another one and another one, and more... In software development, no one could compare to him. His talent could not but be noticed and appreciated. Before long, he is among the originators of a new innovative project. And now, Protectimus in Denis’ life is like a mistress that would not share him with another or put up with any unfaithfulness :)

Share This Post On


  1. Ann, great job on this article. I believe the smartphone manufacturers for Android devices are partly to blame for the recent epidemic of smartphone viruses. The lifecycle for patching devices is almost non-existent, and security is kept to a minimum. All the manufacturers care about is how many units of their flagship that they can sell.

    I have come across within the last year or so, that security as a whole within the IT industry has become rather stagnant, while hackers and those alike are growing in size.

    Would you agree?

    Post a Reply
    • Michael, I agree with you. Every method of data protection existing today can be bypassed. The question is only in the resources the fraudster needs to bypass this or that barrier. If it is too expensive or takes a long time to get access to the certain resource the hacker may just skip it and find another “victim”. Modern technologies develop very fast. And we really see the lag in the cyber security field. We see the huge gap in the Internet of Things, for example. And you are quite right about the mobile security. It is not on the appropriate level yet and that’s why we see so many viruses developed specially for Android.

      But there is also the other side of the coin – the users. People are not cyber security conscious. Often people don’t use even the simplest antivirus programs on their smartphones. I guess that the responsibility for such attacks lies on 3 sides:

      1. The producer of the smartphone and the operation system who didn’t supply the product with the necessary level of protection.
      2. The producer of the app or website the virus falsifies.
      3. The user who neglects the basic rules of data protection.
      Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from Protectimus blog.

You have successfully subscribed!

Share This