A selfie can be quite harmless unless a bit raunchy and overly revealing. But this new malware takes it to a whole new level. Malware Researchers discover new malware that asks for user’s selfie. You ask why? Their primary objective is to steal your identity.
Researchers at McAfee Labs’ Mobile Research department have discovered a very powerful Android Trojan that exploits the selfie mania that has taken the world by storm.
User’s ignorance or innocence is what that the malware developer is targeting. In a way, they are using advanced security verification method and a little bit of foolery so that they can lure the unsuspecting victim into taking a selfie using a disguised fake app. This in turn runs malicious code that asks for personal information. They make it seem that it is for “verification purposes” but in fact, once done, they have stolen most of the information they need from you.
At first, it asks for basic credit card info, once verified, it asks for additional information including the card’s 4-digit number printed on its back. Furthermore, the victim would end up providing all his information to successfully do an identity theft. The icing on the cake is that the malware asks for a selfie of the victim holding and ID card which shows the front and another one with the back of the card which further cements the deal.
And what happens next is as expected. The crooks can take over the victim’s online accounts.
In a blog post published on 13th October, McAfee researchers revealed that the Trojan is masked as an Android video plugin so it can obtain access to the various device permissions that are required for the execution of the malicious code.
This malware is currently circulating in Hong Kong and Singapore. It wont take long until they will try to start targeting other countries worldwide.
“Never download apps or plugins from a 3rd-party site”
Remember, this malware lures the user into installing it on the mobile by using the disguise of a video codec or plugin from third-party websites.
How can we avoid this?
First of all, refrain from installing unverified and mysterious codecs and plugins. If a website asks you to install a video player or codec out of the blue, it might be malware or cyber-crime related.
If the website really needs a legitimate codec or plugin, make sure you download the original website. If you need an authentic app, make sure you get it from the Google Play store.
Mobile phones mostly have all the needed codecs and rarely need newer one.If an app asks you to do so, immediately uninstall it and do further research if you really need it installed and if it is all legit.