A new piece of Android malware, dubbed Faketoken, is able to quietly steal victims’ details when they enter them into apps, as well as spy on their texts and phone calls, according to a blog post from Kaspersky.
Faketoken has been evolving over the last year and growing increasingly sophisticated. It began as a banking trojan that intercepted texts to steal two-factor authentication codes. Today, Kaspersky’s researchers say they suspect it spreads via bulk SMS text messages sent to potential victims, asking them to download some pictures.
Once installed, it hides its icon and places a covert overlay over “several banking and miscellaneous applications, such as Android Pay, Google Play Store, and apps for paying for traffic tickets and booking flights, hotel rooms and taxis.”
If the victim enters their card details into any of those apps, they fall into the hands of the malware’s unidentified operators — opening them up to the risk of fraud and identity theft.
The malware can even intercept SMS messages, meaning it can get around the two-factor authentication required by some banks to authorise payments and transfers.
The threat of Faketoken appears (for now) to be largely limited to Russia and ex-Soviet countries, the researchers wrote: “To this day we still have not registered a large number of attacks with the Faketoken sample, and we are inclined to believe that this is one of its test versions. According to the list of attacked applications, the Russian UI of the overlays, and the Russian language in the code, Faketoken.q is focused on attacking users from Russia and CIS countries.”
But it is nonetheless an example of the evolving threats facing smartphone users trying to keep their data safe.
Security experts recommend that Android smartphone users should not install apps from third-party sources or download unknown files. By default, Android phones only allow users to install apps from the official Google Play Store.