A variant of the Acecard trojan malware which tricks gullible Android users into posing for a selfie while handing over other personal inflation has been discovered by McAfee Labs,
The cyber security firm noted the trojan hides behind legitimate looking apps, such as video codecs and adult video apps, which it uses to get a user to grant it the permissions needed within the Android mobile operating system to execute malicious code.
Once the app is activated, the trojan’s code is executed whereby the app icon is hidden from the user and it constantly asks for device administrator privileges to make its removal difficult.
When it detects this is happening, it puts an overlay on top of a legitimate app asking for credit card details, which once it receives it goes on to ask for more validating information, such as security numbers, mailing address, age, and birthday. This cumulates with the malware asking for a photo of the front and back of an ID card and then a selfie of the user with the ID in hand.
This combination of social engineering and malware means a hoodwinked user effectively gives away a whole suite of personal information commonly used with security and authentication processes in online and mobile banking and payments.
“If you entered in everything you were asked for, the cybercriminals controlling this malware would now have all the information they needed to gain access to your online accounts,” said Bruce Snell, cybersecurity and privacy director at Intel Security, the owner of McAfee.
“While it’s not the first time we’ve seen malware that asks for a picture, this is the first time we’ve seen this in mobile malware. Cybercriminals have definitely turned their sights on the mobile platform.”
The variant of the Acecard trojan has only been affecting people in Singapore and Hong Kong so far, but with the rapid spread of Android malware, it is best for people in other nations to be aware of the threat they could face,
WHITEPAPER: Mobile Security and Risk Review
The options to combat such trojans and malware is to avoid dodgy apps and software, apply a healthy degree of scepticism with handing over too much information online or via a mobile app and service, and to make use of up-to-date mobile security software.
These kinds of trojan attacks are not likely to disappear any time soon given they can earn cyber criminals a serious amount of money.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…