Android Acecard banking trojan asks users for selfie with an ID card

Experts discovered a new variant of the Android Acecard banking trojan that asks victims to take a selfie while they are holding an ID card.

The inventiveness of criminals is a bottomless pit. Recently, a number of organizations announced new authentication methods based on selfies. For example, HSBC customers can open new bank accounts using a selfie, and the Bank of Scotland, Mastercard and many other financial organizations are adopting selfie-based authentication as well.

Crooks have already started taking advantage of this new method of biometric authentication: experts at McAfee discovered a new Android banking Trojan, dubbed Acecard, that pretends to be an adult video app or a codec/plug-in necessary to see a specific video.

“Recently the McAfee Labs Mobile Research Team found a new variant of the well-known Android banking Trojan Acecard (aka Torec, due to the use of Tor to communicate with the control server) that goes far beyond just asking for financial information.” reads a blog post published by McAfee. “In addition to requesting credit card information and second-factor authentication, the malicious application asks for a selfie with your identity document—very useful for a cybercriminal to confirm a victim’s identity and access not only to banking accounts, but probably also even social networks.” 

The fake video plugin poses as Adobe Flash Player, a pornographic app, or a video codec.

While running in the background, the Acecard banking Trojan monitors the opening of specific apps usually associated with payment transactions. When the victim opens one of these apps, the malware presents its main phishing overlay, which pretends to be Google Play and asks for a credit card number, then requests the card details and more personal and financial data (i.e. cardholder name, date of birth, phone number, credit card expiration date, and CCV).

After collecting credit card and personal information from the victim, the Acecard banking Trojan asks the victim to complete a fake “identity confirmation” composed of three steps. In the first two steps, the app asks the victim to upload a clean and readable photo of the front and back side of their identity document (national ID, passport, driver’s license).

In the final step, the malicious app asks victims to take a selfie while holding their ID card.

“After collecting credit card and personal information from the victim, the malware offers a fake “identity confirmation” that consists of three steps. The first two steps ask the user to upload a clean and readable photo of the front and back side of the victim’s identity document (national ID, passport, driver’s license).” continues the post. “The final step asks for a selfie with the identity document.”

The information collected by the Acecard banking Trojan allows attackers to perform several illegal activities that would result in the victim’s identity theft.

According to the experts, this variant of the Acecard banking Trojan has impacted users in Singapore and Hong Kong.

As usual, let me suggest that you avoid downloading apps from untrusted app stores and carefully review the permissions apps ask for … and of course don’t take selfies while holding your ID card.

Pierluigi Paganini

(Security Affairs – Android Acecard banking trojan, selfies)