Mobile Banking Trojan FakeToken Resurfaces, Sends Offensive Messages Overseas from Victims’ Accounts

faketoken sms banking trojan mobileResearchers recently discovered an updated version of mobile banking trojan FakeToken after detecting around 5,000 smartphones sending offensive text messages overseas. They noted the unusual development this malware has taken, compared to its previously reported update that disguised itself as a ride-hailing app capable of stealing personally identifiable information (PII) as well as its expanded ransomware capabilities. However, it is still capable of inflicting losses as it obtains access and information from victims’ bank accounts, as well as use its funds to send messages. Users are cautioned on the apps they download as this malware’s behavior undergoes further observation and monitoring.

[Read: Ginp trojan targets Android banking app users, steal login credentials and credit card details]

Once the malware infects an unprotected Android device, FakeToken confirms the smartphone’s default SMS application and function. It is able to send and intercept text messages such as 2FA codes or tokens, as well as scan through the victim’s contacts to possibly send phishing messages or gathered information to its command and control (C&C) server. Kaspersky researchers noted that FakeToken scans the victim’s bank accounts to see if it has sufficient funds and uses the account to make sure the mobile account is sufficiently funded before sending messaging overseas.

[Read: Mobile security: 80% of Android apps now encrypt network traffic by default]

Given the simultaneous and massive scale of messages it sends to other countries, the victims shoulder significant financial losses from the unauthorized messaging to foreign numbers. Moreover, the victims’ phone numbers may potentially be blacklisted by spam blocking apps, or banned by their respective telecommunications operators as a spam source. While taken as an unusual development for a banking trojan, security researchers will continue monitoring and observing this campaign. It might still be in its testing and development phase, or this recent deployment might be showing a growing trend in banking trojan campaigns. Users can follow some of these best practices to protect their mobile devices from these kinds of threats:

  • Download applications only from authorized platforms and legitimate developers.
  • Avoid connecting to unsecure and public networks.
  • Regularly download updates for the smartphone’s operating systems and installed apps.
Users and enterprises can take advantage of multilayered mobile security such as the Trend Micro™ Mobile Security for Android™ solution. Trend Micro Mobile Security for Enterprise provides device, compliance and application management, data protection, and configuration provisioning, as well as protects devices from attacks that exploit vulnerabilities, prevents malicious and unauthorized access to apps, and detects and blocks malware and fraudulent websites. Trend Micro’s Mobile App Reputation Service (MARS) covers Android threats using leading sandbox and machine learning technologies, protecting devices against malware, zero-day and known exploits, malicious apps, privacy leaks, and application vulnerabilities.

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.