
FakeToken: Mobile banking trojan stealing user data from ride-hailing apps

CIOL Writers
New malware detected in India that steals money from users' mobile phones

The FakeToken mobile trojan, which hit Android users back in March 2012 as a banking OTP/MSTN stealer disguised as a fake banking token generator and then reappeared as mobile ransomware in March 2016, is back again. This time it is targeting users of famous taxi services, including Uber.


The malware can steal users' banking credentials from popular taxi applications and ride-sharing apps, Kaspersky Lab said. "The new version of FakeToken performs live tracking of apps and, when the user runs a specified app, overlays this with its phishing window to steal the bank card details of the victim. The trojan has an identical interface, with the same color schemes and logos, which creates an instant and completely invisible overlay."

After getting onto a smartphone and installing the necessary modules, the trojan hides its shortcut icon and starts background monitoring of everything that happens in the system. The malware also monitors users' calls, records them and transmits the data to the command and control servers.

“Smart devices aren’t that smart indeed. Surely not secure. Humans are the weakest link in cyber security. Cybercriminals leverage the fact that everyone has a mobile device today. This mobile trojan is lethal, in that it is able to take full control of the device, and steal critical information like banking credentials, contacts, etc., and even record your calls,” said Ankush Johar, Director at HumanFirewall.io, a security awareness and preparedness solutions provider.

According to Kaspersky Lab, the new version of "FakeToken" targets mostly Russian users, but the company believes the geography of attacks could easily be extended in the future. So think twice before clicking on anything.
