Gullible Android users might be the target of a dangerous banking Trojan, named Acecard, that asks them to send a selfie holding their ID card. At the moment, this has been detected only in Hong Kong and Singapore.
Apart from asking financial information such as credit card details and second-factor authentication, this Trojan variant also asks for a selfie with your identity document. This move not only gives the cyber-criminal a confirmation of the victim’s identity but also, gives them access to social networks.
The McAfee Labs Mobile Research Team explains that like most Android banking Trojans, this threat tricks users into installing the malware by pretending to be an adult video app or a codec/plug-in necessary to see a specific video.
The moment the app is executed by the user, it hides itself from the home launcher and then asks for device administrator privileges, in an attempt to make its removal, difficult and tedious.
When the malware runs in the background, it is said to constantly monitor the opening of specific apps to show the user its main phishing overlay, pretending to be Google Play and asking for a credit card number.
Once validated, the phishing tactic asks for super-personal information such as the cardholder’s name, date of birth, phone number, credit card expiration date and CCV as well. The advanced malware goes till the extent of asking for a second factor of authentication too. The final step is of course, asking for a selfie, with the user holding their identity card.
The reason to be believed for this Trojan is the exploit kit GM Bot, whose source code was leaked in February this year.