1. Security
August 21, 2017

What is Faketoken, the latest Android malware trying to steal your bank details?

By Luke Christou

SonicSpy, GhostCtrl, Svpeng, SLocker, Triada, Invisible Man. Those are just some of the large number of harmful applications that have wreaked havoc on Android devices over the years.

As Google’s operating system struggles to cope with the onslaught of malware attacks hitting its devices, cyber security company Kaspersky have identified yet another threat.

The Faketoken malware first emerged last year, but recent updates to its codes have made it an even greater threat.

What is Faketoken?

Faketoken is a malware application which targets Android devices.

The trojan uses SMS messages to spread. Phone users are hit with a number of texts which encourage them to download an image.

The Faketoken application is installed when this file is opened. It then hides itself in order to avoid detection. The app begins to monitor the phone’s usage immediately.

If left undetected, the malware is able to record your phone calls, read and store your text messages and alter what you see when you open certain apps.

Faketoken - Verdict

What is the purpose of Faketoken?

As is usually the case with these sorts of applications, Faketoken aims to gain access to your banking accounts and steal your money.

It does this by overlaying opened apps with its own payment information screen, which encourages users to type in their payment card number, expiry date and CVC number.

The virus’ creator has specifically set it to target particular apps. Kaspersky found it to be spoofing online banking apps last year, with ride-hailing, flight booking, hotel booking and parking ticket apps among its latest targets.

In total, Kaspersky estimates that up to 2,000 apps are now affected by Faketoken.

Incredibly, Faketoken adjusts the appearance of its overlay to match the colour scheme of the app, which helps the software to avoid detection.

Faketoken - Verdict

Of course, with two-factor authentication rising in popularity, the malware is able to intercept phone calls and text messages in order to get past these security features.

How to avoid falling victim to Faketoken

For the moment, Kaspersky have reported that the majority of Faketoken attacks have occurred in Russia. However, these applications tend to spread rapidly around the globe once unleashed.

Although, it is easy to avoid falling victim to these viruses.

For example, Android devices contain a setting which blocks apps from being installed from unknown sources. This is the easiest and most secure way to keep your device safe.

To turn this on, go to Settings -> Security and uncheck the “Unknown sources” permission.

Unchecking this setting will stop you from installing files from unofficial app stores. However, that isn’t necessarily a bad thing. These marketplaces are usually the main culprits in the spread of harmful applications. It is therefore best to avoid them.

Likewise, always check and question the permissions required by an app before installing it. If there is no reasonable explanation for why the app would need certain permission, don’t accept.

You should also install a mobile security application. This will scan your device for any harmful software currently lurking in your device, while also warning you if you’re about to download a potentially harmful file.

Popular choices include AVL Pro Antivirus & Security and Avast Antivirus & Security.