Security researchers at Kaspersky Lab accept discovered a novel variant of the Android banking Trojan called Faketoken that at nowadays has capabilities to honor together with tape an infected device's calls together with display overlays on overstep of taxi booking apps to pocket banking information.
Dubbed Faketoken.q, the novel variant of mobile banking trojan is existence distributed using volume SMS messages equally their assail vector, prompting users to download an icon file that genuinely downloads the malware.
Malware Spy On Telephonic Conversations
Once downloaded, the malware installs the necessary modules together with the primary payload, which hides its shortcut icon together with begins monitoring everything—from every calls to launched apps—that happens on the infected Android device.
When calls are made to or received from for certain telephone numbers on the victim's device, the malware begins to tape those conversations together with sends the recordings to the attacker's server.
Moreover, Faketoken.q too checks which apps the smartphone possessor is using together with when detects the launch of an app whose interface it tin simulate, the Trojan directly overlays the app amongst a simulated user interface.
Malware Exploits Overlay Feature to Steal Credit Card Details
The simulated user interface prompts victims to piece of occupation inwards his or her payment carte du jour data, including the bank’s verification code, which tin after hold upward used past times attackers to initiate fraudulent transactions.
Faketoken.q is capable of overlaying a large give away of mobile banking apps equally good equally miscellaneous applications, such as:
- Android Pay
- Google Play Store
- Apps for paying traffic tickets
- Apps for booking flights together with hotel rooms
- Apps for booking taxis
Since fraudsters require an SMS code sent past times the banking concern to authorise a transaction, the malware steals incoming SMS message codes together with forrad them to the attackers command-and-control (C&C) server for a successful attack.
According to the researchers, Faketoken.q has been designed to target Russian-speaking users, equally it uses the Russian linguistic communication on the user interface.
Ways to Protect Against Such Android Banking Trojans
The easiest agency to forbid yourself existence a victim of such mobile banking Trojans is to avoid downloading apps via links provided inwards messages or emails, or whatever third-party app store.
You tin too become to Settings → Security together with brand for certain "Unknown sources" selection is turned off inwards lodge to block installation of apps from unknown sources.
Most importantly, verify app permissions earlier installing apps, fifty-fifty if it is downloaded from official Google Play. If you lot discovery whatever app holler for to a greater extent than than what it is meant for, but produce non install it.
It's ever a practiced persuasion to install an antivirus app from a reputed vendor that tin honor together with block such malware earlier it tin infect your device, together with ever cash inwards one's chips on your organization together with apps up-to-date.
