New Android Malware Asks for Selfies; Steals Credit Card Details

YOUR SELFIE CAN LAND YOU IN GREAT TROUBLE — RESEARCHERS DISCOVER NEW MALWARE THAT ASKS FOR USER’S SELFIE TO CARRY OUT IDENTITY THEFT.

Researchers at McAfee Labs’ Mobile Research department have discovered a very powerful Android trojan that exploits the selfie mania that has taken the world by storm.

Taking advantage of the victim’s innocence and using advanced security verification methods, the malware lures the individual into taking a selfie by masquerading as a fake app. During the process, the malware executes a code in the background that asks users for payment and personal information for “verification purposes.”

Never download apps or plugins from a 3rd-party site

Initially, the malware asks for credit card information and after verifying, it asks for more information including the card’s 4-digit number printed on its back. It then asks for personal details like age, birthday and mailing address. After this step, the malware asks for a picture of the user holding ID card. The picture is required with both the front and back sides of the ID card. Once all the correct information is obtained, the cyber-crooks access the user’s online accounts.

In a blog post published on 13th October, McAfee researchers revealed that the trojan is masked as an Android video plugin so it can obtain access to the various device permissions that are required for the execution of the malicious code.

The activities of this malware are currently restricted to users in Hong Kong and Singapore, however, it’s only a matter of time before the cybercriminals will start targeting users around the world. Remember, this malware lures the user into installing it on the mobile by using the disguise of a video codec or plugin from third-party websites.

You can stay protected from such dangerous threats by refraining from installing unauthentic or mysterious plugins. Whenever a website asks for installation of a video plugin or codec, never do that because usually, these are methods used by cyber-criminals for installing malware on your device. Even if you do need an authentic app, download it from official Google Play Store. Usually, mobile phones come with all the necessary codecs and hence, you may never need to install any new ones. If an app asks you to do so, immediately uninstall it.

Furthermore, never ever take a picture of yourself holding your ID card and don’t enter payment information or credit card number ever. Not to forget to install some reliable security software and keep it updated.

Source: MCAFEE