AuthentificationCyberCrimeSecurityVirus

Selfie Stealing Android Trojan Discovered By McAfee Labs

Google + Linkedin Subscribe to our newsletter Write a comment

Tweaked Acecard trojan aims to trick gullible Android users into sending selfies and photos of their IDs

A variant of the Acecard trojan malware which tricks gullible Android users into posing for a selfie while handing over other personal inflation has been discovered by McAfee Labs,

The cyber security firm noted the trojan hides behind legitimate looking apps, such as video codecs and adult video apps, which it uses to get a user to grant it the permissions needed within the Android mobile operating system to execute malicious code.

Once the app is activated, the trojan’s code is executed whereby the app icon is hidden from the user and it constantly asks for device administrator privileges to make its removal difficult.

Selfie stealing

selfie-stealing-malwareOnce the trojan is up and running, its malware payload constantly runs in the background, monitoring a user’s activity within specific apps waiting for them to be requested to put in credit card details.

When it detects this is happening, it puts an overlay on top of a legitimate app asking for credit card details, which once it receives it goes on to ask for more validating information, such as security numbers, mailing address, age, and birthday. This cumulates with the malware asking for a photo of the front and back of an ID card and then a selfie of the user with the ID in hand.

This combination of social engineering and malware means a hoodwinked user effectively gives away a whole suite of personal information commonly used with security and authentication processes in online and mobile banking and payments.

“If you entered in everything you were asked for, the cybercriminals controlling this malware would now have all the information they needed to gain access to your online accounts,” said Bruce Snell, cybersecurity and privacy director at Intel Security, the owner of McAfee.

“While it’s not the first time we’ve seen malware that asks for a picture, this is the first time we’ve seen this in mobile malware.  Cybercriminals have definitely turned their sights on the mobile platform.”

The variant of the Acecard trojan has only been affecting people in Singapore and Hong Kong so far, but with the rapid spread of Android malware, it is best for people in other nations to be aware of the threat they could face,

WHITEPAPER: Mobile Security and Risk Review

The options to combat such trojans and malware is to avoid dodgy apps and software, apply a healthy degree of scepticism with handing over too much information online or via a mobile app and service, and to make use of up-to-date mobile security software.

These kinds of trojan attacks are not likely to disappear any time soon given they can earn cyber criminals a serious amount of money.

Quiz: What do you know about cybersecurity in 2016?