Android Banking Trojan Faketoken Now Also Messages Premium Rate Phone Numbers

Rampage attack

Amidst all the new malware that emerge every day, some old viruses also reappear after being revamped. One such example is the revamped Faketoken Android banking Trojan which now also hijacks devices to send SMS messages to premium foreign numbers.

Faketoken Android Banking Trojan Overview

Researchers from Kaspersky have discovered some old malware active in the wild again. Identified as Faketoken, the old Android banking trojan is now back with more malicious functionality.

The malware first emerged several years ago and was among the most widespread banking trojans in 2014. At that time, Faketoken meddled with the device-messaging only once to proceed with fraudulent transactions.

However, in 2016, it became more sophisticated in stealing money, as it overlaid apps to steal users’ bank account credentials. At the same time, it also served as ransomware by encrypting the device data.  Whereas, in the following year, it emerged whilst impersonating popular e-wallets and mobile banking apps to bluff users.

Hijacking Phone For Sending SMS

Elaborating on their findings in a blog post, the researchers stated that their ‘Botnet Attack Tracking’ system recently found at least 5000 devices infected with Faketoken. They found all these devices involved in sending text messages. The researchers considered this behavior ‘unusual’ for a banking trojan.

Scratching the surface revealed that the typical banking trojan has now emerged as an even more malicious virus. Faketoken now hijacks the victim devices to send messages to premium rate numbers. Whereas, in case of lack of balance, the attackers behind the malware can top up the victim mobile account through their bank account. Such messages will further cost the victim as the researchers found most messages being sent to foreign numbers.

While, for now, it is unclear as to how Faketoken is targeting devices. Nonetheless, the usual precautions, which are avoiding downloads from third-party app stores, avoiding URLs received via SMS messages, reviewing app permissions, and empowering devices with robust mobile antivirus tools can help the Android users stay safe.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil