Think before you selfie – mobile malware might be watching

Facial recognition technology might be a boon for mobile payment security, but it also represents another weapon for cybercriminals, a cybersecurity expert warns.

A mobile research team inside Intel Security Group’s McAfee Labs recently discovered a strain of Android-based malware that uses a fake but convincing interface to collect a wide range of personal information from unwitting users – ending with a picture of the victim and their ID card.

“That’s right,” Intel Security cybersecurity and privacy director Bruce Snell writes in an Oct. 13 blog post: “Malware is now asking for you to take a selfie.”

Courtesy Dell Security

An example of a Trojan horse, the malware tricks users into installing it – and therefore granting the permissions it needs to execute its malicious goal – by pretending to be a video codec or plugin (right). The malware then runs in the background, waiting for users to open the type of app that would legitimately ask for a credit card number.

After the user opens an appropriate app, the malware displays its own window instead, asking for credit card details and, after validating the number, going on to ask for additional information, starting with the four-digit number on the back and continuing with the user’s age, birthday, mailing address, and even pictures of the front and back of the user’s ID.

Finally, with all of that information collected, the malware asks the unwitting victim to take a selfie with their ID in hand (left).

“If you entered in everything you were asked for, the cybercriminals controlling this malware would now have all the information they needed to gain access to your online accounts,” Snell writes. “While it’s not the first time we’ve seen malware that asks for a picture, this is the first time we’ve seen this in mobile malware.”

While this particular strain has only affected users in Singapore and Hong Kong so far, he writes, it’s a good idea for North American users to recognize the threat it represents and prepare accordingly.

Don’t install random plugins

“If you go to a site that is asking you to install a ‘codec’ or ‘video plugin,’ don’t do it – either that site is using an older out of date video format (that could be vulnerable to more malware) or it is trying to get you to install malware,” Snell writes. “Either way, go to another site.”

The majority of the internet has settled on a handful of different formats to use for videos, he writes, and the majority of mobile operating systems have them installed already. If you truly think you’re missing a legitimate plugin, go directly to the site that makes it and install it from there.

Don’t take a picture of your ID

“You should always be skeptical when apps start asking for too much information,” Snell writes. “In general, storing that sort of information on a server (picture of your ID, passport, etc.) is not a good security practice, so even if an app you are using is legitimately asking for a copy of your ID, you may want to reconsider ditching that app for another one with better security practices.”

Install security software

Normally keeping your device up to date offers a good base level of security protection, Snell writes, but since Trojan malware is installed with the user’s permission, having the latest system won’t protect them from this particular strain.

“Cybercriminals are certainly not slowing down their efforts to steal your data, but with good security practices and the right protections in place, you have a fighting chance,” he writes.

Eric Emin Wood
Former editor of turned consultant with public relations firm Porter Novelli. When not writing for the tech industry enjoys photography, movies, travelling, the Oxford comma, and will talk your ear off about animation if you give him an opening.
