Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Android Security Google Operating Systems Privacy Software News Technology

Android Trojan Asks Victims To Submit a Selfie Holding Their ID Card (softpedia.com) 25

An anonymous reader writes from a report via Softpedia: Untrained and gullible Android users are now the target of an Android banking trojan that asks them to send a selfie holding their ID card. The trojan, considered the most sophisticated Android trojan known today, is named Acecard, and this most recent version has been detected only in Hong Kong and Singapore for now. The purpose of requiring a selfie of the victim holding his/her ID card is for the crook to prove himself when making fraudulent bank transactions, calling tech support posing as the victim, or for taking over social media accounts for Facebook or Twitter, which often require ID scans in the case of account takeover disputes. The report adds: "A previous version of the Acecard trojan hid inside a Black Jack game delivered via the official Google Play Store. In the most recent version of this threat, security experts from McAfee have found a new version of the Acecard trojan hidden inside all sorts of apps that pose as Adobe Flash Player, pornographic apps, or video codecs. All of these apps are distributed outside of the Play Store and constantly pester users with permission requirement screens until they get what they want, which is administrator rights. Once this step is achieved, the trojan lays in hiding until the user opens a specific app. McAfee experts found that when the user opens the Google Play app, the trojan springs a new social engineering trap."
This discussion has been archived. No new comments can be posted.

Android Trojan Asks Victims To Submit a Selfie Holding Their ID Card

Comments Filter:
  • Seriously, this is Darwinism. Morons must die.

    • by FunkSoulBrother ( 140893 ) on Friday October 14, 2016 @05:13PM (#53078565)

      Why should the information on my Drivers License/Passport that I show publicly to all sorts of people like bartenders or security cards put me at any risk?

      • by epyT-R ( 613989 )

        Identity fraud? The more they add to the dossier, the more likely they can successfully claim they are you.

        • by Archangel Michael ( 180766 ) on Friday October 14, 2016 @05:28PM (#53078633) Journal

          Here is the problem, you've basically described security through obscurity.

          But here is what I know about ID. It has to be public info in order to verify you are who you say you are. YOU are NOT your ID.

          The problem with ID, is that it assumes the person with the ID, is the person being Identified. It puts no responsibility upon the person who is trying to verify identity from ID.Here is my solution. Make ID the responsibility of the person verifying identity, not the person who is being identified.

          Someone goes in to get a loan, the bank needs to make sure the person is who they say they are, and if they are not, are liable. So when ID thief comes in with my info, and says they are me, and takes out a loan as me, that I am NOT responsible for that transaction (as it is today, and why LifeLock makes a mint). I shouldn't have to repair anything when someone presents themselves fraudulently as me.

          • by epyT-R ( 613989 )

            Well, yeah, but identity thieves build up dossiers over time.. A bit from here a bit from there, and when it hits some level of 'legitimacy', it's then used, usually for a money grab. While the data on a drivers license is 'out there', it's not necessarily a search away to anyone.

            Pragmatically, it can be very difficult to get out from under the damage caused by a major id theft, especially if it has been ongoing for years without your knowledge.

          • So when ID thief comes in with my info, and says they are me, and takes out a loan as me, that I am NOT responsible for that transaction (as it is today, and why LifeLock makes a mint)

            I'm not disputing that it is the case - I've heard the stories too.

            What I don't understand how any sane legal system allows two parties to make a contract on behalf of a third party, absent the typical situations where they have prior authorization to do so.

            Why can't the alleged debtor turn up with a letter purporting to be f

      • by Calydor ( 739835 ) on Friday October 14, 2016 @05:17PM (#53078581)

        Because we have allowed these things to become, essentially, universal passwords.

        You will most likely tell your friends to never use the same password for multiple sites, and then turn around and identify yourself EVERYWHERE with your driver's license or social security card. It's the same thing, just in the real world.

      • And you let your bartender take pictures of it too?

    • by BinBoy ( 164798 ) on Friday October 14, 2016 @05:34PM (#53078651) Homepage

      Joke's on them. I held up my credit card instead.

      • I did even better: I held up my VA patient's ID card. Not only is it useless as ID anyplace except the VA, you're asked for the last four digits of your SSN as a PIN. I imagine that a student ID card would work just as well.
    • by Anonymous Coward

      Well, first you have to get legitimate entities like Facebork to stop requesting the exact same thing. This one isn't quite a case of "legit companies don't do that" like is the case with the IRS communicating by phone or email or such things.

  • Feature was introduced in Marshmallow I believe. I had to do that when a utility app which had previously been silent got updated to spam me with ads disguised as a notification popup every few hours.

    Settings -> Apps -> [app in question] -> Notifications -> Block all

    You can also control most app permissions (independent of the app requesting them) in the same place.

    Settings -> Apps -> [app in question] -> Permissions

    Doesn't let you control an app's network usage (except cel

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...