Acecard Trojan


Incredibly, new Android malware has been discovered which attempts to trick its victims into not only taking a selfie, but taking one of themselves holding a valid ID card such as a driver's license or passport. This is like the holy grail to ID thieves, who are increasingly finding that government institutions, banks and other similar organisations such as utility companies insist on such proof before conducting business with their users.

Now let's be honest here, and a little discreet - it's only a "special" kind of user who's going to fall for such an obvious scam. We are, however, in the numbers game, and a tiny slice of a huge pie is still big enough to make it worthwhile for the bad guys.

Facebook and Twitter also use the "valid ID" method to authenticate accounts which have had some kind of security issue.

"Most sophisticated trojan yet"

Currently detected only in Hong Kong and Singapore, this spin of the Acecard trojan is more sophisticated than the one discovered earlier in a card game inside the Google Play Store. First discovered by McAfee inside a Black Jack game, the trojan has spread to other apps, such as one posing as the Adobe Flash player, video codecs and even pornography software. Play Store users are safe from these for now, and the recent changes Google made to Android give users some warning that all is not well by forcing them to agree to the privileges these apps demand, in the form of pop-ups from the system itself.

IBM has highlighted the release of the GM Bot source code back in February as the reason for the increase in variations of this malware seen in the wild. Malware creators suddenly got an easy way to create their trojans with small variations which could target specific areas, such as banking with this selfie ID scam.

The actual techniques used to trigger the malware vary. Some variants use overlays on existing apps which perfectly mimic the screen the user enters information into; others lie in wait for a specific event to occur, such as a video being played, before springing into action. One especially sneaky variant waits only for the Google Play Store to run, and asks for credit card details when it does - something the real Play Store app would never do. The styling, such as the logo and graphics, appears exactly like the styling Google itself uses, to further reinforce the user's confidence that they really are talking only to Google.

Combining an existing malware strain with new social engineering techniques looks set to cause headaches for users and legitimate organisations alike. McAfee has been tracking this for some time now:

[Image: Acecard evolution]