Android Trojan variant targets mobile banking apps; research
Dubbed Faketoken.q, the new variant of mobile banking trojan is being distributed using bulk SMS messages
Kaspersky Lab analysts have discovered a new variant of the Android Trojan Faketoken which is capable of detecting and recording an infected device and display overlaps on particular apps.
The new variant, dubbed Faketoken.q, is being sent as bulk SMS messages where the receiver will be prompted to download an image which is actually malware. This malware then installs modules and the main payload, but hides itself to secretly monitor the users' actions.
Worryingly, the call conversations can be monitored, as well as recorded and then sent to the attacker's server. Plus Faketoken.q monitors the opened apps, including Facebook Messenger, but places an overlay to show a fake user interface.
Analysts at Kaspersky Labs say that the fake user interface prompts users to enter their payment card data, which can be later used by attackers to make fraudulent transactions. Furthermore, attackers require an SMS code sent by the bank to authorise a transaction, the malware steals incoming SMS message codes and forwards them to the attackers command-and-control (C&C) server for a successful attack.
Faketoken.q has the capabilities overlaying a number of mobile banking apps and applications, such as Android Pay, Google Play Store, and apps for paying traffic fines, booking flights and hotel rooms and booking taxis.
To avoid becoming a victim of such crimes, analysts advise not to download apps via links in messages, emails or any third-party app store. Plus, verify app permissions before installing apps, installing an antivirus app can detect and block malware and it is important to keep devices up-to-date.