Faketoken Android Trojan: Οι ερευνητές της Kaspersky Lab έχουν ανακαλύψει μία νέα amendment του αρκετά γνωστού mobile banking Trojan Faketoken, το οποίο έχει αναπτυχθεί και είναι πλέον σε θέση να υποκλέψει προσωπικά στοιχεία από δημοφιλείς εφαρμογές για υπηρεσίες ταξί.
The mobile apps market is growing and offering more and more services that store confidential financial data, including taxi applications and ride-sharing apps that require bank account information from users.
The fact that these applications are installed on millions of Android devices world-wide makes them more appealing to digital criminals who have greatly expanded the functionality of malware mobile banking.
The new version of Faketoken performs live monitoring of applications and once the user "runs" a particular one application, overlays it with a phishing window to steal the victim's bank account details.
Trojan retains the same interface, using the same designs, colors and logos, automatically creating an invisible overlay. Based on the results of Kaspersky Lab's research, criminals target this malicious software in the most popular international taxi services and vehicle-shifting services.
In addition, the Trojan intercepts all incoming SMS messages by transferring them to its command and control servers, allowing criminals to have access to the unique confirmation codes sent by banks or other messages sent by various travel services. Among other things, this Faketoken modification can monitor user calls, record them and transmit the resulting data to command and control servers.
Overlay is a common feature that is triggered in many mobile applications. 2016, Kaspersky Lab reported a modification of Faketoken that attacked more than 2.000 financial applications around the world, "disguised" as various programs and games, often mimicking Adobe Flash Player. Since then, Faketoken has been further developed and geographically expanded its activities.
"The fact that digital criminals have expanded their activities from financial applications to other sectors, including taxi services and vehicle-sharing services, means that developers of these services may want to pay more attention to protecting their users. The banking industry is already familiar with fraud and tricks and has responded by applying security technologies to applications, thus significantly reducing the risk of theft of critical financial data. Perhaps it is now time for other services that include financial transactions to follow suit. Its new version Faketoken targeting mostly Russian users. However, the geography of its attacks could easily be extended to the future. We have seen it with previous versions of it Faketoken and other bank malware programs in the past, said Viktor Chebyshev, Kaspersky Lab security specialist.
Οι ερευνητές ανίχνευσαν επίσης επιθέσεις του Faketoken Android Trojan σε άλλες δημοφιλείς mobile εφαρμογές, όπως εφαρμογές ταξιδιών και κρατήσεων ξενοδοχείων, εφαρμογές για πληρωμές προστίμων τροχαίας, Android Pay και Google play market.
To protect against Faketoken Android Trojan and other malware threats for Android, Kaspersky Lab recommends users not installing applications from unknown sources.
More information about the new version of Faketoken's malware software can be found on the dedicated website Securelist.com.