With smartphones and tablets increasingly becoming the average person's go-to computer, it's no wonder many hackers are moving their focus away from computer attacks toward mobile attacks. After all, your smartphone or tablet can have your banking information, email, text messages, contacts, photos, location history and more in one spot.
Over the years, hackers have figured out better ways to sneak on to gadgets and steal your data. And an Android Trojan called Acecard is the latest and most dangerous one yet.
Actually, Acecard isn't technically "new." It's been around since early 2014, but over the past two years has evolved in stages, with each stage becoming more capable at stealing information. In fact, there are more than 10 versions out there.
Acecard is a phishing app, and works by showing you "overlays." When you load up a banking app, Facebook, Twitter, Instagram, popular instant messengers like WhatsApp or Skype, PayPal or Gmail, Acecard overlays its own form on top of the app.
The overlay looks just like the sign-in screen or "add credit card" screen for that app. However, when you type in the information, it goes right to the hackers.
Acecard has overlays for more than 30 banking apps, along with the social apps we already mentioned. It can even download new overlays from its creators, which means as popular new apps arrive, it can steal information from those too.
Until recently, Acecard was only found in third-party app stores, but that changed in December when it found its way into the Google Play store. It typically disguises itself as an Adobe Flash app, even though Android stopped supporting Flash back in 2012. However, some people still think they need it. Acecard has also shown up in game apps and other utilities.
To avoid this threat, you should avoid downloading apps from third-party app stores, and only install apps from reputable companies in the Google Play store. It also helps to have a security app that can detect Acecard.