The infamous mobile banking trojan that recently added ransomware features to steal sensitive data and lock user files at the same time has now been modified to steal credentials from Uber and other booking apps as well.
Security researchers at Kaspersky Lab have discovered a new variant of the Android banking Trojan called Faketoken that can now detect and record an infected device's calls and display overlays on top of taxi booking apps to steal banking information.
Dubbed Faketoken.q, the new variant of the mobile banking trojan is being distributed using bulk SMS messages as its attack vector, prompting users to download an image file that actually downloads the malware.
Malware Spies On Telephonic Conversations
Once downloaded, the malware installs the necessary modules and the main payload, which hides its shortcut icon and begins monitoring everything—from every call to launched apps—that happens on the infected Android device.
When calls are made to or received from certain phone numbers on the victim's device, the malware begins to record those conversations and sends the recordings to the attacker's server.
Moreover, Faketoken.q also checks which apps the smartphone owner is using and, when it detects the launch of an app whose interface it can simulate, the Trojan immediately overlays the app with a fake user interface.
Malware Exploits Overlay Feature to Steal Credit Card Details
In order to achieve this, the Trojan uses the same standard Android feature that is employed by a whole bunch of legitimate apps, such as Facebook Messenger, window managers, and other apps, to show screen overlays on top of all other apps.
The fake user interface prompts victims to enter their payment card data, including the bank's verification code, which can later be used by attackers to initiate fraudulent transactions.
Faketoken.q is capable of overlaying a large number of mobile banking apps as well as miscellaneous applications, such as:
- Android Pay
- Google Play Store
- Apps for paying traffic tickets
- Apps for booking flights and hotel rooms
- Apps for booking taxis
Since fraudsters require an SMS code sent by the bank to authorise a transaction, the malware steals incoming SMS message codes and forwards them to the attackers' command-and-control (C&C) server for a successful attack.
According to the researchers, Faketoken.q has been designed to target Russian-speaking users, as it uses the Russian language on the user interface.
Ways to Protect Against Such Android Banking Trojans
The easiest way to prevent yourself being a victim of such mobile banking Trojans is to avoid downloading apps via links provided in messages or emails, or any third-party app store.
You can also go to Settings → Security and make sure the "Unknown sources" option is turned off in order to block installation of apps from unknown sources.
Most importantly, verify app permissions before installing apps, even if they are downloaded from the official Google Play store. If you find any app asking for more than what it is meant for, just do not install it.
It's always a good idea to install an antivirus app from a reputed vendor that can detect and block such malware before it can infect your device, and always keep your system and apps up-to-date.
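The permission review advised above can be scripted for a device or fleet inventory. The following is an added example, not code from the article or from Kaspersky Lab: it flags packages that request the overlay permission together with SMS and audio-recording permissions, and notes whether they came from outside Google Play. The permission-to-behaviour mapping, the threshold, the package names and the sample text (modelled on `adb shell dumpsys package` output, whose layout can vary by Android version) are assumptions of this example.

```python
import re

# Android permissions matching the behaviours the article describes. The mapping
# is this example's assumption, not a published Faketoken manifest.
BEHAVIOURS = {
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "call_recording": {"android.permission.RECORD_AUDIO"},
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play
# Constructed sample, modelled on `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
Package [com.example.chat] (1a2b3c):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.SYSTEM_ALERT_WINDOW
    android.permission.RECORD_AUDIO
Package [com.example.photo_viewer] (4d5e6f):
  installerPackageName=null
  requested permissions:
    android.permission.SYSTEM_ALERT_WINDOW
    android.permission.RECEIVE_SMS
    android.permission.RECORD_AUDIO
  install permissions:
    android.permission.READ_SMS: granted=true
"""

def parse_packages(dump):  # -> {package: {"installer": str, "permissions": set}}
    packages, current, in_requested = {}, {"installer": "", "permissions": set()}, False
    for line in map(str.strip, dump.splitlines()):
        m = re.match(r"Package \[([\w.]+)\]", line)
        if m:
            current = packages.setdefault(m.group(1), {"installer": "", "permissions": set()})
            in_requested = False
        elif line.startswith("installerPackageName="):
            current["installer"] = line.split("=", 1)[1]
        elif line.endswith(":"):
            # A new section header: only "requested permissions:" is collected.
            in_requested = line == "requested permissions:"
        elif in_requested and line.startswith("android.permission."):
            current["permissions"].add(line)
    return packages

def audit(dump, min_behaviours=3):  # -> [(package, behaviours, sideloaded)]
    findings = []
    for name, info in sorted(parse_packages(dump).items()):
        hits = sorted(b for b, p in BEHAVIOURS.items() if p & info["permissions"])
        if "overlay" in hits and len(hits) >= min_behaviours:
            findings.append((name, hits, info["installer"] not in TRUSTED_INSTALLERS))
    return findings
```

With the default threshold the Play-installed chat app, which uses the overlay and microphone like the legitimate apps the article mentions, is not flagged; lowering `min_behaviours` to 2 widens the triage list.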