The untrained and rather naive Android users appear to be the target of an Android banking trick (Acecard) that calls for a selfie to be sent by its victims by keeping their identity card.
The name of the trojan is Acecard and is considered one of the most dangerous and intrusive Android trojans that is known today, according to a Kaspersky analysis last February.
In a previous version the Acecard trojan was hidden inside a game Black Jack that was distributed through the official Google Play Store. Η πιο πρόσφατη έκδοση του κακόβουλου λογισμικού σύμφωνα με τους ερευνητές ασφαλείας της McAfee μπορεί να κρυφτεί μέσα σε όλα τα είδη των εφαρμογών που χρησιμοποιούν το Adobe Flash Player, in pornographic material or in video codecs.
All of these apps are distributed outside of the Play Store and are known because they are constantly asking for the victim's permission until they get what they want, that is, administrator rights.
Once this step is achieved, the trojan hides until the user opens a specific application. McAfee researchers found that when the user opens the Google Play application, the trojan uses a social engineering trap.
First, it asks the user for his credit card number. Then, in different pop-ups, he asks the user for his card details, such as the name and expiration date, but also asks for his real identity.
After that, the trojan gives his victim new instructions requiring him to pull back and forth his identity. In the third stage the trojan asks the user to keep the ID in his hand under his face and get a selfie.
"This is very useful for a cybercriminal who wants to verify the identity of the victim and have access to not only bank accounts but maybe even social networks," says Carlos Castillo of McAfee.
Να αναφέρουμε ότι εκτός από το Google Play, αυτή η έκδοση του Acecard συλλέγει και τα διαπιστευτήρια πρόσβασης από τις παρακάτω services: Facebook, WhatsApp, WeChat, Line, Viber, Dropbox, Google Music, Google Books, και Google Videos.
This trick obviously works only to beginner users.