Mobile banking malware Faketoken Evolves

  • 0

Mobile banking malware Faketoken Evolves

android-malware-image

More than 2,000 Android financial apps are at risk from a modification to mobile banking malware Faketoken which can encrypt user data to extort a ransom from the user. The Trojan is capable of interacting with operating system protection mechanisms. Faketoken is distributed under the guise of various programs and games, often imitating Adobe Flash Player.

Once it has received administrator rights, Faketoken starts requesting the necessary permissions: to access the user’s text messages, files and contacts, to send text messages and make calls. These requests will also be repeatedly displayed until the user agrees to provide access. This allows Faketoken to intercept texts that your bank would send as part of their two-factor authentication safeguards. And that’s how the criminals can gain access to your account and transfer money out of it!

The Trojan will display various phishing messages and If clicked, the Trojan opens a phishing page aimed at stealing passwords from Gmail accounts. It also overlays the original Gmail app with one appearing to have the same purpose. But it’s not just passwords that are targeted by the Trojan. It also overlays the Google Play app with a phishing window aimed at stealing debit and credit card details.

The Trojan has encryption capabilities for both media files (pictures, music, videos) and documents. The Trojan changes the extension of the encrypted files to .cat. Faketoken uses an AES encryption algorithm to encrypt the files, which can be decrypted without paying a ransom.

For more information check the link Kaspersky Lab.