Kaspersky Lab reports a new version of Android malware dubbed Faketoken which poses a huge threat to the apps which stores bank credentials for in-app purchases.
Kaspersky Lab reports a new type of Android malware dubbed Faketoken which is a huge threat to the apps which stores bank credentials for in-app purchases.The malware was first discovered a year ago; now it has been modified to record calls, intercept applications, and redirect messages. When we open an application, the malware opens a fake phishing window which overlaps the original window, and our banking credentials will be out in no time. It is said that over 2000 apps can be screen overlapped using this malware.Some of the major apps which Faketoken can overlap using a fake phishing screen are those Apps for booking taxis such as Uber, Android pay, Google play store.The malware is spread through bulk SMS messages with the instruction to download an image, which will then allow malware to be installed on your device and it hides.
The malware starts its mission initially by monitoring the installed applications. The malware also records the calls and text messages which are sent and received. By intercepting the text messages, it can bypass the Two Factor Authentication (2FA) and gain full access. According to the reports, the malware targets Russian users or the devices which use the Russian languages as their user interface.
To prevent your smartphone from infection, do follow the instructions below:
- Always switch off “Allow installation from unknown sources” in security settings thereby restricting download apps from a third party and anonymous sources.
- Don’t download attachments from unknown sources.
- Use google play or app store to install apps, don’t use any third party app stores.
- Download apps from verified developers and check their app rating and download counts before installing an app.
- Verify app permission before installing an app.
- Install the best and updated antivirus/anti-malware software which can detect and block these type of malware.