McAfee has found an updated banking Trojan that requests a selfie replete with an ID card or passport photo page – then steals your funds and identity.
First, let’s put this in perspective. It is based on the well-known Android malware called Trojan Acecard or Torec. It is secretly installed as part of an app payload either promising to provide adult content or as a necessary codec/plug-in to play a specific adult video.
The most likely place to catch it – and something else – is on Porn Tube and referral sites, where “this week” it presents itself as a necessary install of Adobe Flash Player, Codec Pack v15.0.4 or Video Codec HD.
Of course, the malicious app asks for Administrator privilege to install and then constantly monitors the use of specific banking-related apps. Australian banks and payment systems are monitored, and Acecard is responsible for almost all finance Trojan attacks here. So if you have prurient interests and do phone banking or payments, read on.
The first thing to remember is that Acecard has been around for a while, so it is now pretty “bug” free in that the banking/payment screens it presents are almost indistinguishable from the real thing. Its spelling is perfect and its use of security questions matches the banks concerned, e.g. Mother’s Maiden Name, Father’s Middle Name, Maternal Grandmother’s Name, or a Memorable Word. Attackers then use that data to respond to security questions and obtain illegal access to the victims’ bank accounts.
McAfee says the new variant goes beyond just asking for password information to requesting credit card information and second-factor authentication; the malicious application asks for a selfie with your identity document - very useful for a cyber criminal to confirm a victim’s identity and gain access not only to banking accounts but also to social networks.
So be warned – it is either porn or banking/payments but not both.