Beware: Android Trojan uses fake app to read credit cards, steal cash 1

Faketoken Android malware listens in, steals credit card info

Cybersecurity firm Kaspersky Labs has warned Android smartphone users of a new malware called Faketoken that’ll steal your money without you noticing a thing.

The Faketoken Trojan has existed for some time now but today it is a highly sophisticated malware that has learned a few new tricks along the way.

Kaspersky are not sure how the malware gets onto a phone but point towards spam SMS messages that prompt users to download pictures and images.

From Russia without love

Kaspersky believes scammers are testing the limits of Faketoken by targeting Russian consumers, but the malware could easily spread across European and UK networks.

To this day we still have not registered a large number of attacks with the Faketoken sample and we are inclined to believe that this is one of its test versions,” a Kaspersky researcher wrote.

“According to the list of attacked applications, the Russian User Interface of the overlays, and the Russian language in the code, Faketoken is focused on attacking users from Russia and CIS countries,” he concluded.

Nevertheless, it is only a matter of time before the malware infects the rest of the world.

That tends to be the nature of malwares but the sophisticated workings of Faketoken should be a wake-up call for producers of apps.

“The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ride-sharing services, means that the developers of these services may want to start paying more attention to the protection of their users,” warned Kaspersky.

“The banking industry is already familiar with fraud schemes and tricks. Perhaps now it is time for other services that are working with financial data to follow suit.”

How does Faketoken steal your money?

Writing on its security blog Kaspersky explained how the malware works.

Receiving a call from, or making a call to a certain phone number, the malware begins to record the
conversations and sends it to the evildoers shortly after the conversation ends.

The authors of Faketoken kept the overlay features and simplified them considerably.

The Trojan is capable of overlaying apps such as Android Pay and Google Play Store, as well as apps for paying traffic tickets and booking flights, hotel rooms and taxis.

In other words, when Faketoken detects an app is being used it instantly superimposes it with their fake app, leaving you none the wiser as you begin to put in your credit card numbers.

It also means the hackers can intercept texts and messages with unique codes or passwords before they reach you.

Check permissions to stop malware infection

To mitigate the chances of downloading any malware, experts recommend never buying or donwloading apps from third party services.

Only use the official app stores such as Google Play.

However, we already know there are thousands of apps from disreputable developers on Google Play that are secretly infected with malware.

You can also go into your phone’s Settings and block the installation of apps from unknown sources. Go to Settings¬Security and check that the slider is not set to Allow.

Beware: Android Trojan uses fake app to read credit cards, steal cash

App permissions are the key

The best way to protect yourself is to know what permissions an app should need to run on your phone.

You should be suspicious when an app asks for permission to do something on your phone that isn’t related to what the app does.

This could be sending SMS texts or MMS picture messages, or making voice calls. Also, be on your guard if an app asks for permission to modify global settings or download files without notification.

In the vast majority of cases malware won’t be bundled with major apps like those direct from Google or other well-known developers.

Instead you should be suspicious about dodgy developers you’ve never heard of.

If you have any doubts, just abandon the download. And as with your PC and laptop, always keep your phone up to date with the latest anti-virus software.

IMAGES: Kapersky Labs


A veteran freelance journalist writing extensively on internet news and cybersecurity.
Back To Top