Faketoken: Android Banking Trojan Targeting Non-Banking Apps


    Faketoken is the notorious Android banking Trojan that recently added ransomware characteristics, letting it steal confidential data and block user files at the same time. Its authors have now modified it to steal credentials from Uber and various booking apps. To stay clear of such malware, users need to browse the internet safely. The best way to stay secure online is to have the protective shield of a secure VPN service, which allows users to surf the internet without falling victim to hackers. In this regard, we recommend two of the best VPN services: ExpressVPN and NordVPN.

    What Is Faketoken?

    Security researchers at Kaspersky Lab have revealed the latest variant of the Android banking Trojan, called Faketoken.q, which is now able to intercept and record calls on an infected device. It shows overlays on top of taxi booking apps in order to steal banking-related information.

    Attackers distribute Faketoken.q via bulk SMS messages, which serve as their attack vector. The messages prompt users to save an image file, which ends up downloading the malware.

    Faketoken can overlay many mobile banking apps as well as miscellaneous applications, such as:

    • Android Pay
    • Google Play Store
    • Apps for paying traffic tickets
    • Apps for booking flights and hotel rooms
    • Apps for booking taxis

    Android Banking Trojan Snoops on Telephone Conversations:

    Once downloaded, the malware launches the necessary modules and the payload, which hides its shortcut icon and begins monitoring everything that happens on the infected Android device, from every call to every launched app.

    When the user of an infected device makes a call to, or receives a call from, specific phone numbers, the malware starts recording the conversation and sends the recording to the attacker's server. Faketoken.q also watches which apps the smartphone owner is using. When it detects that the user is launching an app whose interface it can simulate, the Trojan quickly overlays the app with a fake user interface.

    Malware Uses Overlay Feature to Get Credit Card Details

    To do this, the Trojan uses the same standard Android feature that a dozen legitimate apps, such as Facebook Messenger, window managers, and others, employ to display screen overlays on top of other apps.

    The fake user interface prompts the victim to enter his or her payment card information, including the bank's verification code, which attackers can later use to initiate fraudulent transactions.

    Since fraudsters need the SMS code sent by the bank to verify a transaction, the malware grabs incoming SMS message codes and forwards them to the attackers' command-and-control (C&C) server so that the attack can proceed.

    Prevent Android Banking Trojans from Infecting Your Device:

    Here are some simple ways to avoid becoming a victim of such an Android banking Trojan.

    • Avoid downloading apps via links provided in messages or emails.
    • Make sure the “Unknown sources” option is turned off, to block installation of apps from unknown sources. Go to Settings → Security.
    • Verify app permissions before installing apps, even if they are downloaded from the official Google Play.
    • Install a trustworthy antivirus app from a well-known company that is able to detect and block such malware from entering your device.
    • Always keep your system as well as your apps up-to-date.
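
The permission check recommended in the list above can be scripted against an app's manifest once it has been decoded to text (for example with apktool). This is an added example, not code from the original article or from Kaspersky's analysis; the mapping from the behaviours described here to Android permissions, the package names and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: behaviours the article describes -> standard Android
# permissions an app would have to request for them (any one set suffices).
BEHAVIOURS = {
    "overlay on other apps": [{P + "SYSTEM_ALERT_WINDOW"}],
    "reads incoming SMS codes": [{P + "RECEIVE_SMS"}, {P + "READ_SMS"}],
    "records phone calls": [
        {P + "RECORD_AUDIO", P + "READ_PHONE_STATE"},
        {P + "RECORD_AUDIO", P + "PROCESS_OUTGOING_CALLS"},
    ],
}

def requested_permissions(manifest_xml):
    """Return (package, set of permission names) from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return root.get("package", "<unknown>"), perms

def triage(manifest_xml):
    """Flag apps that pair the overlay permission with SMS or call access."""
    package, perms = requested_permissions(manifest_xml)
    matched = sorted(label for label, options in BEHAVIOURS.items()
                     if any(needed <= perms for needed in options))
    # Overlays alone are common in legitimate apps; the combination is not.
    risky = "overlay on other apps" in matched and len(matched) > 1
    return {"package": package, "matched": matched,
            "verdict": "review" if risky else "ok"}

def make_manifest(package, names):  # builds a constructed sample manifest
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, n) for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="%s">%s</manifest>' % (package, uses))

# Constructed samples, not taken from any real app or malware sample.
SUSPECT = make_manifest("com.example.photoviewer", ["SYSTEM_ALERT_WINDOW",
                        "RECEIVE_SMS", "RECORD_AUDIO", "READ_PHONE_STATE", "INTERNET"])
BENIGN = make_manifest("com.example.chatheads", ["SYSTEM_ALERT_WINDOW",
                       "RECORD_AUDIO", "INTERNET"])
if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage(sample))
```

A "review" verdict only means the requested permissions would allow the overlay, SMS and call-recording behaviour described above; it is a prompt for a closer look, not proof of malware.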