Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Threat Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Android trojan requests selfie after you’ve handed data over


McAfee researchers have spotted a clever trojan designed to take advantage of a person's vanity and new security verification methods by asking victims to take a selfie.

The Android malware uses a sneaky code that runs continuously in the background while waiting for a user to open apps, specifically those where it would make sense to request payment information. The malware then overlays itself on top of the legitimate app where it proceeds to request personal information from a user for “verification purposes” ending with a request for the user to take a picture of themselves holding their ID card, according to an Oct. 13 blog post.  

The trojan is disguised as a video plugin, which allows it to gain accesses to the device's permissions needed to execute the malicious code. So far the malware has only been impacted users in Singapore and Hong Kong.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.