Technology / Malware waits for perfect moment to trick users into taking selfies with ID cards
Malware waits for perfect moment to trick users into taking selfies with ID cards
14 October 2016
A new type of Android malware is tricking users into handing over selfies featuring their ID cards, according to researchers.
Experts from McAfee uncovered the sneaky malicious software, which runs in the background waiting for the right opportunity to ask users for sensitive data.
The malware initially imitates a video codec or plug-in, asking users for all the permissions it needs when it is installed before running silently on the device.
Then, when the user opens an app that might legitimately ask for a credit card number, it shows its own window asking them for their financial information.
However, this isn't enough, because the Trojan then claims it needs to verify the user's identity and demands their date of birth, address and other information.
It then asks them to take a selfie with their ID card in hand.
“You thought taking a selfie with your boarding pass was bad!” Bruce Snell, technical director at Intel Security Japan, wrote in a blog post.
“If you entered in everything you were asked for, the cyber criminals controlling this malware would now have all the information they needed to gain access to your online accounts.
“While it’s not the first time we’ve seen malware that asks for a picture, this is the first time we’ve seen this in mobile malware.”
He said that while the malware seems to be targeting users in Singapore and Hong Kong at the moment, it always pays to be prepared for upcoming threats.
McAfee advised users to avoid installing plug-ins recommended by websites. If you’re asked to install a codec or video plug-in while browsing, it’s usually bad news.
It added that they should always be skeptical if an app asks for a picture of ID documents. It might be a bad idea to share this even with legitimate apps.
Finally, it said mobile users should ensure they have up-to-date security software installed to detect malicious apps before they have a chance to install.
For more on the malware, see the McAfee blog.