Kaspersky Lab Finds New Version Of Faketoken Aimed At Ride Hailing Customers

Kaspersky Lab announced Thursday (Aug. 17) it has discovered a new modification of the Faketoken Android Trojan, a mobile banking Trojan that can steal credentials from popular ride hailing applications.

In a news release, a researcher announced that based on the results of Kaspersky Lab’s research, cybercriminals are using the malware to go after the most popular international taxi app and ridesharing app services.

“The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ridesharing services, means that the developers of these services may want to start paying more attention to the protection of their users,” Viktor Chebyshev, security expert at Kaspersky Lab, said in the news release. 

He also shared his thoughts on a renewed need for increased cybersecurity.

“The banking industry is familiar with fraud schemes, and its solution of implementing security technologies in apps has significantly reduced the risk of theft of critical financial data,” Chebyshev said. “Perhaps now it is time for other services that are working with financial data to follow suit. The new version of Faketoken targets mostly Russian users; however, the geography of attacks could easily be extended, like we have seen with previous versions of Faketoken.”

According to the security firm, mobile app services are storing financial data, including taxi spp services and ridesharing apps, requiring the user’s bank card information. These apps are installed on millions of Android devices worldwide, making them attractive targets for hackers.

The new iteration of the Faketoken Android Trojan performs live tracking of apps, and when a user runs a specified app, the Trojan overlays it with a phishing window to steal the victim’s bank card details, Kaspersky Lab said in the press release.

“Faketoken has an identical interface, with the same color schemes and logos, which creates an instant and completely invisible overlay,” the company noted.

The Trojan also steals all incoming text messages and redirects them, enabling the bad guys to get their hands on one-time verification passwords sent by a bank, or other messages sent by taxi and ride-sharing services, Kaspersky Lab advised.