Faketoken Android Trojan: Kaspersky Lab researchers have discovered a new modification of the well-known mobile banking Trojan Faketoken, which has been developed and is now able to steal personal information from popular applications for taxi services.
The mobile apps market is growing and offers more and more services that store confidential financial data, including apps for taxi services and ride-sharing apps that require information bank accounts by users. 
The fact that these applications are installed on millions of Android devices world-wide makes them more appealing to digital criminals who have greatly expanded the functionality of malware mobile banking.
The new version of Faketoken makes live apps tracking and once a user runs a particular application, it overlaps with an electronic phishing window to steal the victim's bank account details.
The Trojan maintains the same interface, χρησιμοποιώντας τα ίδια σχέδια, χρώματα και λογότυπα, δημιουργώντας αυτομάτως μία αόρατη επικάλυψη. Βάσει των αποτελεσμάτων της έρευνας της Kaspersky Lab, οι εγκληματίες στοχεύουν με αυτό το κακόβουλο λογισμικό στις πιο δημοφιλείς διεθνείς εφαρμογές υπηρεσιών ταξί και υπηρεσιών μετακίνησης με κοινή χρήση οχήματος.
In addition, the Trojan intercepts all incoming SMS messages by transferring it to its command and control servers, allowing criminals to access the unique confirmation codes sent by banks or other messages sent by various travel services. Among other things, this Faketoken modification can monitor user calls, record them and transmit the resulting data to the command and control servers.
Overlay is a common feature enabled in many mobile applications. In 2016, Kaspersky Lab reported a modification of Faketoken that attacked more than 2.000 financial applications worldwide, "disguised" as various programs and gamea, often mimicking Adobe Flash Player. Since then, Faketoken has further developed and expanded its operations geographically.
"The fact that digital criminals have expanded their operations from financial apps to other sectors, including taxi services and ride-sharing services, means that developers of these services may want to give more caution to protect their users. The banking industry is already familiar with fraud schemes and tricks and has reacted by applying security technologies to applications, thereby significantly reducing the risk of theft of critical financial information. Perhaps now is the time for other services that involve transactions with financial data to follow suit. Its new version Faketoken targeting mostly Russian users. However, the geography of its attacks could easily be extended to the future. We have seen it with previous versions of it Faketoken and other bank malware programs in the past, said Viktor Chebyshev, Kaspersky Lab security specialist.
Researchers also detected Faketoken Android Trojan attacks on other popular mobile apps such as hotel and travel booking applications, roadmap fines, Android Pay and Google Play Market apps.
To protect against Faketoken Android Trojan and other malware threats for Android, Kaspersky Lab recommends users not installing applications from unknown sources.
More information about the new version of Faketoken's malware software can be found on the dedicated website Securelist.com.
