Kaspersky Labs reported last week that the Faketoken malware has recently been spotted again in Android ridesharing apps like Uber with new tricks up its sleeve: it can now intercept text messages and record calls in addition to stealing financial information using deceitful methods.
The latest iteration of the mobile banker Trojan has been named faketoken.q, and it has been traced back to roughly 2,000 apps, most of them based in Russia. Some, however, are high-profile digital services used to book hotel rooms, hail rides, and more.
Mobile malware as we know it is constantly evolving right under our noses, which is why it is always advisable to keep your phone updated and as secure as possible. Installing protection apps might be necessary for those running older versions of Android that are more prone to vulnerabilities.
What is Faketoken and how does it work?
Faketoken.q is the newest and most refined version of a mobile malware that affects Android devices. Previous builds were tagged as banker Trojans, which are essentially strings of code designed to steal information like credit card numbers and passwords.
Its reputation has made it well-documented enough for it to be considered no more than a slight threat up until now. The new faketoken infiltrates devices through bulk SMS messages with downloadable attachments that carry the concealed seeds of the malware.
Once it has made itself nice and cozy on your phone, faketoken makes use of a sophisticated form of a cloak-and-dagger attack, which takes advantage of Android’s built-in capabilities to overlay elements on top of app screens to disguise itself as a different screen altogether.
By doing this, the malware can show you, for example, a payment window within the Uber app that is actually rerouted somewhere else so that others can obtain your credit card information and credentials. It also monitors your calls and messages, looking for valuable banking details.
Should I be worried about Faketoken malware on my phone?
Kaspersky Labs has said that faketoken.q is, so far, spread mostly across Russia. However, it warns that this should not fool users into believing they are safe: the cyber security firm is prompting people to check their app permissions on Android to block installations from unknown sources.
Other than that, the song remains the same: use common sense, always keep an eye open for weird stuff going on with your phone, install an antivirus app if you consider it necessary, and keep only the apps you consider essential on your phone, updated, of course.
Researchers at Kaspersky do not rule out the possibility that the new faketoken is a mere test-run version of a ‘commercial’ malware that will spread more broadly later on. Ridesharing and service-hiring apps are booming, so it is only a matter of time before someone taps that market with these new methods.
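For readers who want to do the permission check with a script, here is an added example (not from Kaspersky or the original article) that flags apps whose requested permissions combine screen overlays with SMS access or audio recording, and notes whether they came from outside the app store. The package names and the sample dump are constructed, and treating only Google Play as a trusted installer is an assumption.

```python
import re

# Capabilities the article attributes to faketoken.q, as Android permissions.
OVERLAY = {"android.permission.SYSTEM_ALERT_WINDOW"}
SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
CALLS = {"android.permission.RECORD_AUDIO", "android.permission.PROCESS_OUTGOING_CALLS"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

# Constructed sample, shaped like `adb shell dumpsys package` output.
SAMPLE = """\
Package [com.example.rides] (1a2b3c):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.INTERNET
    android.permission.ACCESS_FINE_LOCATION
Package [com.example.photoviewer] (4d5e6f):
  installerPackageName=null
  requested permissions:
    android.permission.INTERNET
    android.permission.SYSTEM_ALERT_WINDOW
    android.permission.RECEIVE_SMS
    android.permission.RECORD_AUDIO
"""

def parse_packages(dump):
    """Return {package: {"installer": str, "permissions": set}} from a dump."""
    packages, current = {}, None
    for line in dump.splitlines():
        if m := re.match(r"\s*Package \[([\w.]+)\]", line):
            current = packages.setdefault(m[1], {"installer": "null", "permissions": set()})
        elif current and (m := re.match(r"\s*installerPackageName=(\S+)", line)):
            current["installer"] = m[1]
        elif current and (m := re.match(r"\s*(android\.permission\.\w+)", line)):
            current["permissions"].add(m[1])
    return packages

def audit(dump):
    """Flag apps that can draw overlays and also read SMS or record calls."""
    findings = []
    for name, info in sorted(parse_packages(dump).items()):
        risky = info["permissions"] & (OVERLAY | SMS | CALLS)
        if risky & OVERLAY and risky - OVERLAY:
            sideloaded = info["installer"] not in TRUSTED_INSTALLERS
            findings.append((name, sideloaded, sorted(risky)))
    return findings

if __name__ == "__main__":
    for name, sideloaded, perms in audit(SAMPLE):
        print(name, "sideloaded" if sideloaded else "store-installed", perms)
```

A hit is a reason to look closer, not proof of infection: legitimate apps such as messengers with chat bubbles can request the same combination.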
Source: Kaspersky Labs