Security & Fraud

Kaspersky Lab Finds New Version Of Faketoken Aimed At Ride Hailing Customers

Kaspersky Lab announced Thursday (Aug. 17) it has discovered a new modification of the Faketoken Android Trojan, a mobile banking Trojan that can steal credentials from popular ride hailing applications.

In a news release, a researcher announced that based on the results of Kaspersky Lab’s research, cybercriminals are using the malware to go after the most popular international taxi app and ridesharing app services.

“The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ridesharing services, means that the developers of these services may want to start paying more attention to the protection of their users,” Viktor Chebyshev, security expert at Kaspersky Lab, said in the news release. 

He also shared his thoughts on a renewed need for increased cybersecurity.

"The banking industry is familiar with fraud schemes, and its solution of implementing security technologies in apps has significantly reduced the risk of theft of critical financial data," Chebyshev said. "Perhaps now it is time for other services that are working with financial data to follow suit. The new version of Faketoken targets mostly Russian users; however, the geography of attacks could easily be extended, like we have seen with previous versions of Faketoken.”

According to the security firm, mobile app services are storing financial data, including taxi spp services and ridesharing apps, requiring the user’s bank card information. These apps are installed on millions of Android devices worldwide, making them attractive targets for hackers.

The new iteration of the Faketoken Android Trojan performs live tracking of apps, and when a user runs a specified app, the Trojan overlays it with a phishing window to steal the victim’s bank card details, Kaspersky Lab said in the press release.

“Faketoken has an identical interface, with the same color schemes and logos, which creates an instant and completely invisible overlay,” the company noted.

The Trojan also steals all incoming text messages and redirects them, enabling the bad guys to get their hands on one-time verification passwords sent by a bank, or other messages sent by taxi and ride-sharing services, Kaspersky Lab advised.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment