Stupid Is As Stupid Does: Android Trojan Asks Victims For A Selfie Holding Their ID

CHEESE! Smile for the malware that is trying to steal your identity! One Android banking Trojan is asking victims for a selfie with their ID card.

This past year victims were asked to provide information like their “mother’s maiden name” so that hackers could unearth security question answers and break into bank accounts. McAfee Labs Mobile Research Team recently discovered this latest evolution of the Android banking Trojan Acecard. The ID selfie helps cybercriminals access not only bank accounts but social networks as well.

[Image: phishing overlay]

How does the malware work? The Trojan first tricks victims into installing it by pretending to be a codec/plug-in necessary to see a specific video, or a porn app. The malware then runs in the background and monitors specific apps.

The malware then pretends to be Google Play with a phishing overlay and asks for the victim’s credit card number. The next phishing overlay asks for even more personal and credit card information such as the credit card holder’s name, date of birth, phone number, credit card expiration date, and CCV. If the victim lives in Hong Kong, the malware will request their HK ID. If the victim lives in Singapore, the malware will ask for their National Registration Identity Card and Singaporean passport.

[Image: selfie scam]

The Trojan Acecard completes its scam with a three-step identification process. The first two steps require the victim to upload pictures of the front and back of the ID cards. The last step asks the victim to take a selfie with the ID card for further validation.

The malware is particularly annoying because it hides its icon from the home launcher. It persistently requests “device administrator privileges” from the victim in order to make its removal difficult. Targeted apps include Google Play, Google Music, Google Books, Google Videos, Google Play Games, Dropbox, WhatsApp, and Viber.
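The traits described above (hidden launcher icon, device administrator request, codec or video lure, overlays) can be combined into a triage check over an app inventory. This is an added example, not code from McAfee's research; the record schema, sample apps, package names and threshold are assumptions.

```python
from dataclasses import dataclass, field

# Real Android permission for drawing over other apps. Assumption: the article
# does not say which mechanism Acecard uses for its overlays.
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"
LURE_WORDS = ("codec", "plugin", "plug-in", "video")  # lures named in the article

@dataclass
class App:  # hypothetical inventory record, e.g. one row of an MDM export
    package: str
    label: str
    has_launcher_icon: bool
    is_device_admin: bool
    permissions: frozenset = field(default_factory=frozenset)

def findings(app):
    """Return the Acecard-like traits this app shows."""
    hits = []
    if not app.has_launcher_icon:
        hits.append("no launcher icon")
    if app.is_device_admin:
        hits.append("device administrator")
    if OVERLAY_PERMISSION in app.permissions:
        hits.append("can draw over other apps")
    if any(word in app.label.lower() for word in LURE_WORDS):
        hits.append("codec/video lure name")
    return hits

def triage(apps, threshold=3):
    """Apps showing at least `threshold` traits, most suspicious first."""
    flagged = [(a.package, findings(a)) for a in apps]
    flagged = [item for item in flagged if len(item[1]) >= threshold]
    return sorted(flagged, key=lambda item: len(item[1]), reverse=True)

# Constructed sample inventory; package names are placeholders.
SAMPLE = [
    App("com.example.mdmagent", "Work Profile Agent", True, True),
    App("com.example.player", "Video Player", True, False,
        frozenset({OVERLAY_PERMISSION})),
    App("com.example.codecpack", "Video Codec Plugin", False, True,
        frozenset({OVERLAY_PERMISSION})),
]

if __name__ == "__main__":
    for package, hits in triage(SAMPLE):
        print(f"{package}: {', '.join(hits)}")
```

No single trait is conclusive on its own (a legitimate management agent is a device administrator, a legitimate player may draw overlays), which is why the check flags only the combination.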

This probably goes without saying, but please do not give your credit card information, personal information, and/or a personal photo to an unknown or suspicious app.