TechSpot

New Android Malware asks for a selfie as it steals your information

By midian182
Oct 17, 2016
  1. Not content with stealing your financial details, personal information, and login credentials, there’s now an Android banking Trojan that also asks victims to take a selfie with their ID cards.

    McAfee Labs’ Mobile Research Team discovered the malicious application, which is a new variant of the Acecard Trojan Malware (aka Torec) that was first identified back in February. In addition to asking for credit card details and information such as “mother’s maiden name,” the updated app offers “identify confirmation,” which involves uploading photos of identity documents such as a driver’s license along with a selfie of the gullible user holding the ID.

    As is the case with many Trojans, Acecard installs itself by tricking the user into thinking they’re installing a video codec/plugin or app for watching adult videos. Once it’s on the Android device, the malware asks for administrator privileges, before running in the background while monitoring specific apps.

    Acecard then shows a phishing overlay that pretends to be Google Play asking for a credit card number. This is followed by requests for name, date of birth, phone number, card expiration date, and CCV. It will also request second-factor authentication for some cards. Anyone who lives in Hong Kong will be asked for a copy of their HK ID card, while Singapore residents must add their National Registration card and passport.

    It’s at this point where the malware requests photos of the documents, along with selfies of the victim holding their ID. If someone's got this far, there’s a pretty good chance they’ll send the photographs without getting suspicious. They’ll probably only realize something’s amiss when their bank accounts are emptied, credit cards get maxed out, and bizarre doppelgangers start appearing on social media sites.


     
  2. IAMTHESTIG

    IAMTHESTIG TS Evangelist Posts: 957   +273

    Hah.... that is kind of hilarious actually. Wrong, but hilarious. Now I kind of intentionally want to try to get this and upload them a nice photo of Mr. Browneye.
     
    wastedkill likes this.
  3. Uncle Al

    Uncle Al TS Evangelist Posts: 1,675   +779

    The only thing missing is a caption under the photo saying "Look How Stupid I am!"
     
    Skidmarksdeluxe likes this.
  4. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,511   +503

    People don't know any better, or simply don't care because nothing has ever happened to them up to this date, not because they are stupid.

    It's like saying don't go this way because there have been people getting mugged on this path, but it has never happened to you so you just think they are exaggerating and don't pay attention to it. This is until and if you get mugged; you might keep on walking the same way for years without anything ever happening.
     
    Skidmarksdeluxe likes this.
  5. Kotters

    Kotters TS Member Posts: 46   +24

    People have been told for literally decades now not to share their personal information online.
     
    wastedkill and Uncle Al like this.
  6. wastedkill

    wastedkill TS Evangelist Posts: 1,392   +329

    Good old Android users being useful to thieves and criminals. Thank Lucifer we don't have this on iOS.
     
  7. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,511   +503

    You think one is so different than the other it's almost funny. People have been literally told for centuries not to flash their goods around... your point being?
     
  8. Kotters

    Kotters TS Member Posts: 46   +24

    ...That it's common knowledge not to share your personal information. This isn't a difficult concept or idea to understand.
     
  9. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,511   +503

    And it's common knowledge not to flash your goods in bad places, yet people do it all the time and end up getting mugged... so, what's your point? Why is it more important online than offline? Why is it so hard to fathom the idea that unless people experience it first hand they won't learn nor take any additional precautions to avoid something?

    Again, it's not an online issue, it's a behavioural issue. Banks send information on how to avoid phishing attempts and people simply delete it. Police broadcast tips for people to follow in order to be safe, and they are ignored. Governments post and publish a lot of (sometimes) good information, but no one takes half a minute to read posters or flyers. So... again, what's your point?
     
