New Android banking malware steals your data with the snap of a selfie

Christian de Looper
New Android banking malware steals your data with the snap of a selfie
A new malware has been making the rounds on Android that attempts to steal your identity -- by having you take a selfie with government-issued ID. Naturally, if an app wants a picture of your ID, you should make sure it actually needs it.

Next time you take a selfie, it could be moments before a new piece of malware takes over your banking apps. But it can’t just be any old selfie — the authors of the malware are hoping you’ll hold up a government-issued ID in the photo, too.

The discovery of the new malware comes from security researchers at McAfee, who say that the malware disguises itself as either a video codec, Flash plug-in, or an app for Porn Tube. As you might notice, none of those apps should need to verify your identity with a government-issued ID, so if you have your common sense about you, this isn’t something you should fall for.

Related: Malware allows attackers to silently steal webcam video from your Mac, expert says

If you do happen to go as far as handing over your information to hackers, you’ve given them everything they need to steal your identity and you should probably take the proper precautions to get your identity back.

“In addition to requesting credit card information and second-factor authentication, the malicious application asks for a selfie with your identity document — very useful for a cybercriminal to confirm a victim’s identity and access not only banking accounts, but probably also even social networks,” said Carlos Castillo in a McAfee Labs blog post.

So how can you protect yourself against the threat? Well, first of all, you should avoid downloading shady third-party apps from any app store, and you should only be getting your apps from Google Play, as McAfee notes that the malware only seems to be appearing on apps downloaded from those third-party stores. If you do download an app that asks for personal information, make sure that personal information is something the app really needs to know — it’s very rare that you should need to hand over a photo of your ID.