Infamous banking trojan, Faketoken, is back with a bang.

A big deal back in 2012, Faketoken has resurfaced and is fast becoming notorious for the recently added fraudulent ransomware features so it can steal sensitive data such as credit card information by masquerading as official app screens.

The new variant, dubbed ‘Faketoken.q’, works by inserting a fake bank payment page over an official app just as a user is about to complete a financial transaction, and then steals the credit card information using a phishing page.

Faketoken.q works by inserting a fake bank payment page over an official app just as a user is about to complete a financial transaction, and then steals the credit card information using a phishing page.

Ah the good old days, when criminals used to have to mug you and threaten you with physical violence to get your money. You can’t beat nostalgia.

SMS

Faketoken.q is being spread by its creators using mass distributed SMS messages, prompting its victims to download an image file but also downloads, and then installs Faketoken.q by the backdoor. The malware  then hides its shortcut icon, and quietly monitors everything on the infected Android device, from web-pages visited, to calls made, to what apps are used.

Looks legit

The Trojan gets away with a lot by simply using the same standard Android features that are legitimately used by official ‘real’ apps such as Uber, Facebook, and hundreds of other essential Android apps to show screen overlays on top of all other apps.

So far, so what?

This is where the Faketoken.q fraudsters get smart.

Before making a payment on your Android device, for example paying for an Uber, banks require an SMS code to be sent to authorise a transactions. But Faketoken.q ‘steals’ the incoming messages and forwards them on directly to the fraudsters computer servers, giving them the ability to rip its victims off, and steal their money.

Crucially, victims are often left in the dark until it is too late, and their money is gone.

As far as criminal smarts go, this one is quite good, especially as it utilises legitimate parts of the Android operating sytem to enable and hide their activity.

While Faketoken.q’s blanket mass targeting  approach for theft is a bit seen-it-all-before, it does pose a significant risk for millions of Android users. Uber app installations from Google Play, alone, are between 100 and 500 million.

OMG, how do I stop it happening to me?

Fortunately, stopping Faketoken.q is relatively straightforward. Only download apps directly from Google Play, and avoid downloading from links, text messages, and third party sites.  Secondly, make sure you go to Settings,Security and that the “Unknown sources” option is turned off. And finally make sure you have an antivirus app installed, and that you download and install updates regularly.

Care about your cybersecurity? So do we! Download the latest security software now, for free, here on FileHippo.