Researchers recently discovered an updated version of mobile banking trojan FakeToken after detecting around 5,000 smartphones sending offensive text messages overseas. They noted the unusual development this malware has taken, compared to its previously reported update that disguised itself as a ride-hailing app capable of stealing personally identifiable information (PII) as well as its expanded ransomware capabilities. However, it is still capable of inflicting losses as it obtains access and information from victims’ bank accounts, as well as use its funds to send messages. Users are cautioned on the apps they download as this malware’s behavior undergoes further observation and monitoring.
Once the malware infects an unprotected Android device, FakeToken confirms the smartphone’s default SMS application and function. It is able to send and intercept text messages such as 2FA codes or tokens, as well as scan through the victim’s contacts to possibly send phishing messages or gathered information to its command and control (C&C) server. Kaspersky researchers noted that FakeToken scans the victim’s bank accounts to see if it has sufficient funds and uses the account to make sure the mobile account is sufficiently funded before sending messaging overseas.
Given the simultaneous and massive scale of messages it sends to other countries, the victims shoulder significant financial losses from the unauthorized messaging to foreign numbers. Moreover, the victims’ phone numbers may potentially be blacklisted by spam blocking apps, or banned by their respective telecommunications operators as a spam source. While taken as an unusual development for a banking trojan, security researchers will continue monitoring and observing this campaign. It might still be in its testing and development phase, or this recent deployment might be showing a growing trend in banking trojan campaigns. Users can follow some of these best practices to protect their mobile devices from these kinds of threats:
Download applications only from authorized platforms and legitimate developers.
Avoid connecting to unsecure and public networks.
Regularly download updates for the smartphone’s operating systems and installed apps.