Faketoken Android Trojan: Οι ερευνητές της Kaspersky Lab έχουν ανακαλύψει μία νέα τροποποίηση του αρκετά γνωστού mobile banking Trojan Faketoken, το οποίο έχει αναπτυχθεί και είναι πλέον σε θέση να υποκλέψει προσωπικά στοιχεία από δημοφιλείς εφαρμογές για services cab.
The mobile apps market is growing and offering more and more services that store confidential financial data, including taxi applications and ride-sharing apps that require bank account information from users. 
The fact that these applications are installed on millions of Android devices world-wide makes them more appealing to digital criminals who have greatly expanded the functionality of malware mobile banking.
The new version of Faketoken makes live apps tracking and once a user runs a particular application, it overlaps with an electronic phishing window to steal the victim's bank account details.
Trojan retains the same interface, using the same designs, colors and logos, automatically creating an invisible overlay. Based on the results of Kaspersky Lab's research, criminals target this malicious software in the most popular international taxi services and vehicle-shifting services.
In addition, the Trojan intercepts all incoming SMS messages by transferring them to its command and control servers, allowing criminals to access the unique confirmation codes sent by banks or other messages sent by various transportation services. Among other things, this Faketoken modification can monitor user calls, record them and transmit the resulting data to command and control servers.
Overlay is a common feature enabled in many mobile applications. In 2016, Kaspersky Lab reported a modification of Faketoken that attacked more than 2.000 financial applications worldwide, "disguised" as various programs and games, often mimicking the Adobe Flash Player. Since then, Faketoken has further developed and expanded its operations geographically.
“The fact that digital criminals have expanded their operations from financial apps to other sectors, including taxi and ride-sharing services, means that the developers of these services may want to pay more attention to protecting their users. The banking industry is already familiar with fraud schemes and tricks and has responded by applying security technologies to applications, thereby significantly reducing the risk of theft of critical financial data. Perhaps now is the time for other services that involve transactions with financial data to follow suit. Its new version Faketoken targeting mostly Russian users. However, the geography of its attacks could easily be extended to the future. We have seen it with previous versions of it Faketoken and other bank malware programs in the past, said Viktor Chebyshev, Kaspersky Lab security specialist.
Researchers also detected Faketoken Android Trojan attacks on other popular mobile apps such as hotel and travel booking applications, roadmap fines, Android Pay and Google Play Market apps.
To protect against Faketoken Android Trojan and other malware threats for Android, Kaspersky Lab recommends users not installing applications from unknown sources.
More information about the new version of Faketoken's malware software can be found on the dedicated website Securelist.com.
