Mobile Banking Trojan FakeToken Resurfaces, Sends Offensive Messages Overseas from Victims’ Accounts
Researchers recently discovered an updated version of mobile banking trojan FakeToken after detecting around 5,000 smartphones sending offensive text messages overseas. They noted the unusual development this malware has taken, compared to its previously reported update that disguised itself as a ride-hailing app capable of stealing personally identifiable information (PII) as well as its expanded ransomware capabilities. However, it is still capable of inflicting losses as it obtains access and information from victims’ bank accounts, as well as use its funds to send messages. Users are cautioned on the apps they download as this malware’s behavior undergoes further observation and monitoring.
[Read: Ginp trojan targets Android banking app users, steal login credentials and credit card details]
Once the malware infects an unprotected Android device, FakeToken confirms the smartphone’s default SMS application and function. It is able to send and intercept text messages such as 2FA codes or tokens, as well as scan through the victim’s contacts to possibly send phishing messages or gathered information to its command and control (C&C) server. Kaspersky researchers noted that FakeToken scans the victim’s bank accounts to see if it has sufficient funds and uses the account to make sure the mobile account is sufficiently funded before sending messaging overseas.
[Read: Mobile security: 80% of Android apps now encrypt network traffic by default]
Given the simultaneous and massive scale of messages it sends to other countries, the victims shoulder significant financial losses from the unauthorized messaging to foreign numbers. Moreover, the victims’ phone numbers may potentially be blacklisted by spam blocking apps, or banned by their respective telecommunications operators as a spam source. While taken as an unusual development for a banking trojan, security researchers will continue monitoring and observing this campaign. It might still be in its testing and development phase, or this recent deployment might be showing a growing trend in banking trojan campaigns. Users can follow some of these best practices to protect their mobile devices from these kinds of threats:
- Download applications only from authorized platforms and legitimate developers.
- Avoid connecting to unsecure and public networks.
- Regularly download updates for the smartphone’s operating systems and installed apps.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases