
Faketoken Mobile Banking Trojan Targets 2,000 Android Apps

Kaspersky Lab has discovered a modification of the mobile banking trojan Faketoken which can encrypt user data, disguise itself as various programmes and games and steal credentials from more than 2,000 financial Android apps.

The modified trojan has so far claimed over 16,000 victims in 27 countries, with most located in Russia, Ukraine, Germany and Thailand.

The data encryption capability is unlike that of most mobile ransomware variations in that it blocks the data itself rather than the device. The data – including documents and media files such as pictures and videos – is encrypted using an AES symmetric encryption algorithm, and can sometimes be decrypted by the user without having to pay a ransom.

Data encryption

During the initial infection process, the Trojan demands administrator rights, permission to overlay other apps or to be a default SMS application, often leaving users with little or no choice but to comply. These rights enable Faketoken to steal data both directly, such as contacts and files, and indirectly, through the likes of phishing pages.

Once all the necessary rights are in place, it downloads a database from its command and control server containing phrases in 77 languages for different device localisations. These are used to create phishing messages to seize passwords from users’ Gmail accounts. The Trojan can also overlay the Google Play Store, presenting a phishing page to steal credit card details.

“The latest modification of the Faketoken mobile banking Trojan is interesting in that some of the new features appear to provide limited additional benefit for the attackers,” said Roman Unuchek, senior malware analyst at Kaspersky Lab.

“That doesn’t mean we shouldn’t take them seriously. They may represent the groundwork for future developments, or reveal the ongoing innovation of an ever-evolving and successful malware family. In exposing the threat, we can neutralise it, and help to keep people, their devices and their data safe.”

To protect against the Faketoken trojan, Kaspersky Lab recommends carrying out regular data backups and making sure up-to-date antimalware solutions are installed on all devices.

The number of trojan threats in circulation has grown significantly in 2016, with banking being a popular target through the likes of Dridex, which was discovered by IBM X-Force at the beginning of the year, and a trojan dubbed Odinaff, which defrauds financial institutions by gaining control over their systems and networks.


Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
