New Faketoken Trojan Variant Sends Mass Texts to Premium-rate Cell Numbers

• It’s unclear as to how Faketoken is targeting devices, and for how long these attacks may continue.
• Do not follow or click on the links from unknown senders, and also watch out for links from the people you know.

Faketoken Android banking trojan has reappeared after being revamped. Kaspersky researchers have detected some 5,000 smartphones infected by Faketoken that had started sending offensive text messages.

What happened?

The cooks behind Faketoken Trojan have begun hijacking users’ devices and sending SMS messages to premium foreign numbers.

Researchers found that many of the infected smartphones were made to text a foreign number, the cost of which was borne by the owners of the infected devices.

The evolution of Faketoken

The Faketoken Trojan has existed for a long time, and it has been upgraded for many years.

• Kaspersky had reported that malware as one of the most widespread banking trojans in 2014. Then, it could only intercepted text messages with one-time passwords (OPTs) during its joint efforts with desktop banking Trojans to steal money.
• In 2016, it acquired the ability to become a full-fledged mobile banking Trojan; it could now steal users’ bank account credentials. At the same time, it also served as ransomware by locking systems and encrypting the device data.
• By 2017, Faketoken could mimic popular e-wallets and banking apps, and even taxi service apps for payment of fines and penalties—to steal bank account data.

Protection tips

So far, it’s unclear as to how Faketoken is targeting devices, and for how long these attacks may continue. But, to avoid getting ensnared, users should follow the below-mentioned tips.

• Install only apps verified by Google Play.
• Set the phone’s settings to disable the downloading of apps from untrusted sources.
• Do not follow or click on the links from unknown senders, and also watch out for links from the people you know.
• Protect devices with robust mobile antivirus tools.