Security & Fraud

Faketoken Mobile Banking Trojan Threat Evolves

Faketoken Mobile Trojan

Kaspersky Lab announced that the mobile banking Trojan known as Faketoken has now modified to include a data encryption capability. The Trojan is estimated to be attacking more than 2,000 financial applications across the globe.

“We have managed to detect several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016. According to our information, the number of this banker’s victims exceeds 16,000 users in 27 countries, with most located in Russia, Ukraine, Germany and Thailand,” Roman Unuchek, a mobile threats expert at Kaspersky Lab, said in a blog post.

“Trojan-Banker.AndroidOS.Faketoken is distributed under the guise of various programs and games, often imitating Adobe Flash Player,” he continued.

Even if the latest version of the Android operating system is installed on the device, the modified Trojan is still capable of stealing user data because it can interact directly with the protection mechanisms within the OS.

According to Kaspersky Lab, the newly added data-encryption capability is quite unusual because it uses an encryption algorithm that can, in some cases, potentially be decrypted by the user without paying a ransom. This because the majority of mobile ransomware focuses on blocking the device rather than the data.

“Once the Trojan becomes active, it requests administrator rights. If the user denies the request, Faketoken repeatedly refreshes the window asking for these rights, which leaves the victim with little choice,” Unuchek said.

“Once it has received administrator rights, Faketoken starts requesting the necessary permissions: to access the user’s text messages, files and contacts, to send text messages and make calls. These requests will also be repeatedly displayed until the user agrees to provide access.”


Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.

Click to comment