New Version of Android Malware Faketoken Can Steal Your Financial Info From Other Programs (particularly Ride-Sharing Apps)

Late last week, tech firm Kaspersky announced their discovery of a new modification of the Faketoken Android Trojan virus. This is a mobile banking Trojan which, of course, can steal your credentials, but it does it through your use of popular ride-hailing mobile applications.

Kaspersky Labs reminds that mobile app services—like those which hail rides for you—store your financial data because they require your bank card information before they can offer you service. And ride-hailing apps are installed on several million Android devices around the world, which makes them obviously attractive targets for hackers.
This latest iteration of the Faketoken Android Trojan, then, essentially performs live tracking of your apps. Basically, the Trojan just monitors apps like Uber and Lyft (et al) and overlays a phishing window to steal your information when you activate said apps to hail a ride.

In a note, the company describes: “Faketoken has an identical interface, with the same color schemes and logos, which creates an instant and completely invisible overlay.”

In addition to your banking messages, though, the new Faketoken Trojan will also steal all of your incoming text messages and redirects them to another recipient where the cybercriminals can get a hold of your one-time verification passwords (those which are often sent by banks when setting up your online and/or mobile banking services) or other messages from these services which the Trojan feels is pertinent.

In its subsequent news release, Kaspersky Lab security expert Viktor Chebyshev said, “The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ridesharing services, means that the developers of these services may want to start paying more attention to the protection of their users.”
He also made sure to reinforce the global society’s renewed need for cybersecurity improvement.
Chebyshev continues, “The banking industry is familiar with fraud schemes, and its solution of implementing security technologies in apps has significantly reduced the risk of theft of critical financial data. Perhaps now it is time for other services that are working with financial data to follow suit. The new version of Faketoken targets mostly Russian users; however, the geography of attacks could easily be extended, like we have seen with previous versions of Faketoken.”

Leave a Reply

Your email address will not be published. Required fields are marked *