Faktoroken Android Trojan: Kaspersky Lab researchers have discovered a new modification of the well-known mobile banking Trojan Faketoken, which has developed and is now able to steal personal data from popular taxi applications.
The mobile apps market is growing and offering more and more services that store confidential financial data, including taxi applications and ride-sharing apps that require bank account information from users.
The fact that these applications are installed on millions of Android devices world-wide makes them more appealing to digital criminals who have greatly expanded the functionality of malware mobile banking.
The new version of Faketoken makes live apps tracking and once a user runs a particular application, it overlaps with an electronic phishing window to steal the victim's bank account details.
Trojan retains the same interface, using the same designs, colors and logos, automatically creating an invisible overlay. Based on the results of Kaspersky Lab's research, criminals target this malicious software in the most popular international taxi services and vehicle-shifting services.
In addition, the Trojan intercepts all incoming SMS messages by transferring it to its command and control servers, allowing criminals to access the unique confirmation codes sent by banks or other messages sent by various travel services. Among other things, this Faketoken modification can monitor user calls, record them and transmit the resulting data to the command and control servers.
Overlay is a common feature that is triggered in many mobile applications. 2016, Kaspersky Lab reported a modification of Faketoken that attacked more than 2.000 financial applications around the world, "disguised" as various programs and games, often mimicking Adobe Flash Player. Since then, Faketoken has been further developed and geographically expanded its activities.
"The fact that digital criminals have expanded their activities from financial applications to other sectors, including taxi services and vehicle-sharing services, means that developers of these services may want to pay more attention to protecting their users. The banking industry is already familiar with fraud and tricks and has responded by applying security technologies to applications, thus significantly reducing the risk of theft of critical financial data. Perhaps it is now time for other services that include financial transactions to follow suit. Its new version Faketoken targeting mostly Russian users. However, the geography of its attacks could easily be extended to the future. We have seen it with previous versions of it Faketoken and other bank malware programs in the past, said Viktor Chebyshev, Kaspersky Lab security specialist.
Researchers also detected Faketoken Android Trojan attacks on other popular mobile apps such as hotel and travel booking applications, roadmap fines, Android Pay and Google Play Market apps.
To protect against Faketoken Android Trojan and other malware threats for Android, Kaspersky Lab recommends users not installing applications from unknown sources.
More information about the new version of Faketoken's malware software can be found on the dedicated website Securelist.com.