Categories: NewsSecurity

Faketoken Android Malware Can Steal Victims’ Calls, Texts, and Credit Cards

By now, Android users know that they should avoid installing apps from third-party websites and unsolicited download prompts. Those who do not take security seriously end up having to deal with malware that can potentially cost them thousands of dollars. Faketoken, a one-year-old malware strain, recently evolved into a serious security threat, according to Kaspersky Labs.

Faketoken Is No Joke

Faketoken, according to various reports, used to cause low-level infections. It has recently been upgraded by its developers, and now has a better attack mechanism and reaches a lot more people.

Kaspersky researchers were not able to reconstruct the events leading to an infection, but believe the malware sneaks onto smartphones through bulk SMS message campaigns that prompt users to download pictures. Those that do so get infected.

Once on the system, Faketoken obfuscates itself by hiding its shortcut icon. It then remains undetected while monitoring which apps the user opens, which messages are being received, phone calls, and the like, and sends all that information to its command and control (C&C) server.

Notably, the Faketoken malware can put screen overlays on an estimated 2,000 apps to trick users into handing its admins their credit card info. When a user launches one of these applications, the malware substitutes the app’s UI with a fake one. The substitution is instantaneous so the user is completely unaware. The damage can be significant, as all of these apps support linking bank cards. Kaspersky stated:

Related Post

“It should be noted that all of the apps attacked by this malware sample have support for linking bank cards in order to make payments. However, the terms of some apps make it mandatory to link a bank card in order to use the service.”

Since most of these apps require two-factor confirmation through an SMS code, fraudsters complete the process by having Faketoken monitor incoming text messages to catch one-time passwords and redirect them to its server before the user ever sees them.

More Advanced Version to Come

Kaspersky Labs warned that this version of Faketoken is still rather new, and that more advanced versions are to be expected. In fact, those versions may already be out in the wild. To protect yourself against this and other types of malware, be very careful with attachments from unknown sources, do not install apps from third-party sources, and use an anti-malware app.

Faketoken’s screen overlays indicate that the version Kaspersky tested was still unfinished, as it contained formatting errors that would make it obvious to the victim that something is off. Interestingly, the malware has been mainly spotted in Russia and other ex-Soviet countries. The researchers stated:

“To this day we still have not registered a large number of attacks with the Faketoken sample, and we are inclined to believe that this is one of its test versions. According to the list of attacked applications, the Russian UI of the overlays, and the Russian language in the code, Faketoken.q is focused on attacking users from Russia and CIS countries.”

Francisco Memoria

Francisco is a cryptocurrency enthusiast who's lucky enough to be able to write about his passion.

Share
Published by
Francisco Memoria

Recent Posts

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

5 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

5 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

5 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

5 hours ago

Is XRP About to Explode? How Trump’s Victory Is Affecting XRP Price Amidst JetBolt Growth

Ripple’s XRP showed a 68% price increase in the last 7 days following Trump's victory,…

5 hours ago

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

8 hours ago