FakeToken: Mobile banking trojan stealing user data from ride-hailing apps

By : |August 21, 2017 0

FakeToken mobile trojan that had hit Android users back in March 2012 as a banking OTP/MSTN stealer disguised as a fake banking token generator and then reappeared as a mobile ransomware in March 2016 is back again and this time it is targeting users of famous taxi services including Uber.

The malware can steal user’s banking credentials from popular taxi applications and ride-sharing apps, Kaspersky Labs said. “The new version of FakeToken performs live tracking of apps and, when the user runs a specified app, overlays this with its phishing window to steal the bank card details of the victim. The trojan has an identical interface, with the same color schemes and logos, which creates an instant and completely invisible overlay.”

After getting onto a smartphone and installing the necessary modules, the trojan hides its shortcut icon and starts background monitoring of everything that happens in the system. The malware also monitors users’ calls, records them and transmits the data to the command and control servers.



“Smart devices aren’t that smart indeed. Surely not secure. Humans are the weakest link in cyber security. Cybercriminals leverage the fact that everyone has a mobile device today. This mobile trojan is lethal, in that it is able to take full control of the device, and steal critical information like banking credentials, contacts, etc and even record your calls,” said Ankush Johar, Director at HumanFirewall.io, security awareness and preparedness solutions provider.

According to Kaspersky Lab, the new version of “FakeToken” targets mostly Russian users but they believe the geography of attacks could easily be extended in the future. So in the future, think twice before clicking on anything.

No Comments so fars

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.