Skip to Main Content

Android Malware Steals Credit Card Information

Given my daily work, I recently ran into some interesting Android malware that tries to steal credit card information from users. The malware is cloaked as Adobe Flash Player App: users who want to install the app on their devices end up downloading the malware from an untrusted source.The bad news is that victims might not even recognize it as malware since it looks like the real Flash Player.

Android malware

As you can see in the picture above, although it looks like Adobe Flash Player it actually requests a lot of permissions like access to location data, SMS, phone calls …

The malware installs itself as a service on the phone and it requests device administrator permissions from the user. It says that it needs the permission to get access to a video codec. Once the user agrees with this request, the app gains full access to everything on the phone.

Android malware

Now everything is set up and I will explain how it is stealing the information. Basically the malware is checking if some popular or often used apps like Google Play Store, Google Music, WhatsApp, Facebook, Twitter, Instagram … are launched on the device. If one of these Apps were started, the malware displays some screens to get the credit card information from the user. It looks like the launched app is requesting this credit card information for payment issues.

As you can see in the screenshots above, all information needed to make a payment is demanded by the malware. It requests credit card number, expiration date,CVC number, the complete owner information with address and the only payment password for the credit card. The dialogue box also includes a checking system to ensure that no wrong numbers etc. are entered. Once all of this information is introduced, the data is sent to a server which collects the stolen credit card information. Authors of this Malware can use it now to make payment transactions with the stolen data.

To prevent you from being affected by such malware we recommend to install only apps from trusted sources like Google Play and always keep an eye on the permissions the app requests from you. Check if it makes sense that the app has this permission and if it is really needed.


Virus-Analyst - Avira Protection Labs