A free gambling app, Black Jack which has been downloaded by as many as 5,000 users from Google Play Store has been found to be a banking Trojan, reports HELPNETSECURITY .
The App’s main goal is to steal users’ personal and banking information and login credentials to a handful of popular online services and social networks by presenting fake pop-up windows to users containing forms to be filled with credentials.
The app was also found to contain a variant of the Acecard malware family which has the ability of intercepting and sending sms messages, forwarding phone calls, locking the device screen and wiping all user data from the device.
It also attempts to download another app name Play Store Update (cosmetiq.fl).
Lookout researchers who uncovered this malware have advised users who downloaded Black Jack to uninstall it as well as the cosmetiq.fl app and change their online accounts passwords immediately.