
Faketoken

Posted: January 15, 2020

Faketoken is an old Android Trojan that has been around since 2017. The project is still maintained today, and its authors release regular updates that help Faketoken evade security measures and cause more problems for its victims. The most recent iterations of the Faketoken Trojan have features typical of mobile banking Trojans as well as of spyware utilities. The threat is often spread via phishing text messages that urge the smartphone's owner to download and run a harmful application. In other cases, copies of the Faketoken Trojan may be spread via third-party application stores whose security is not good enough. The best ways to prevent threats like Faketoken from infiltrating your smartphone or tablet are to install mobile applications only from trustworthy sources and to invest in a reputable mobile security application.

Faketoken Specializes in Collecting Bank Account Details

The primary purpose of Faketoken is to obtain banking details from its victims by simulating the interface of popular applications associated with messaging services, social media, banking, and even taxi-calling applications. The Trojan supports a wide range of overlays, and one of the newest overlays added to its arsenal imitates a taxi-booking application that is very popular in Russia. When the Trojan detects that this application is running, it displays an overlay that looks like the original application and prompts the user to confirm their credit card data. Users who do not spot the scheme may unintentionally hand their banking details to the attackers. The Faketoken Trojan uses the same strategy when it detects an attempt to load a messaging or banking application for which it has a fake overlay.

The Faketoken Trojan also has some spyware features that allow it to monitor the user's phone activity, and record inbound or outbound calls. Furthermore, it can intercept text messages, collect their contents, and delete any traces of them before they are seen by the victim. This allows the attackers to hide the bank's text message notifications about the fraudulent transactions and prevents the victim from discovering the fraud.

There are multiple versions of the Faketoken Trojan active in the wild, and all of them appear to go after applications popular in different regions. It seems that the authors of the Faketoken banking Trojan are not targeting a specific country or region and, instead, they are trying to widen the reach of their malware as much as possible.
