Companies like Mastercard have already shifted to selfies as an alternative to passwords while verifying IDs for the online payments. But, now it seems that the hackers have already started taking advantage of this new security verification systems.
Android Trojan Tricks Victims To Submit A Selfie Holding Their ID Card
We all know very well that some payment card companies like Mastercard have already shifted to selfies as an alternative to passwords while verifying IDs for the online payments. But, now it seems that the hackers have already started taking advantage of this new security verification systems.
Yes, all these things may sound like a hoax from the beginning, but if the request to millions of users were sent then it is sure that there will be a few who “bite” and from there the problems begin.
Security researchers have uncovered a new Android banking Trojan that pretends fundamentally as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and then simply asks victims to send a selfie holding their ID card, according to a blog post published by McAfee.
However, the request, which masquerades asks was intended to complete a security check, the only intention is to get the information on the ID card or similar document of identity. According to the Kaspersky Lab Anti-malware Research Team, the Trojan is the most recent version of “Acecard” that has been labelled as one of the most critical Android banking Trojans identified yet.
Ultimately the main purpose of this request would be to have an identification that can send a bank posing as an account holder purposes that we can all imagine. On the other hand, to have the image of an identity document can serve to register profiles with the identity of the owner of that document on social networks or online services.
Hence, this would be one of the most sophisticated Trojans that are known so far though to reassure users of the Android operating system, as the range of the action of AceCard seems to be limited to the area of Singapore and Hong Kong, although it is worth knowing these issues if this, who knows if there any other malware made that request.
The security researcher of McAfee known as Bruce Snell explains that “It displays its own window over the legitimate app, asking for your credit card details. After validating the card number, it goes on to ask for additional information such as the 4-digit number on the back”.
However, we should always keep in mind that no app requires a photo of you holding your ID card, but, if asked then probably it could be a mobile banking service only. So, always be careful before doing that.