A new strain of a tried and true malware has been uncovered. How long before it travels outside of it’s homeland?
Faketoken is a Trojan banking malware that has been around for some time. The malware has been continued to be developed and keeps gaining new abilities. The newest version of the malware, dubbed “Faketoken.q” has now been uncovered in Russia. While it hasn’t been witnessed outside of the country, malware tends to ignore borders for profit.
This new version is going after taxi and ride sharing apps for the moment. Currently the attack takes place through SMS text messages which urges the user to download a photo file. This of course is not a photo file, instead it is the beginning of this Trojan attack. Once downloaded, it begins installing it’s required modules, hides it’s shortcut icon, and begins recording all phone calls. These recordings get sent back to the malware server.
The malware then begins to identify the apps on the phone. When the user opens a ride sharing or taxi app, the malware overlays it’s own matching screen on to the phone, asking for the user’s credit card information. Now, one would think that would be enough of a trigger for the user, but many times, legitimate apps tend to forget our information and we have grown accustomed to having to enter it sometimes. This credit information is of course sent directly to the malware servers.
The next step of the malware is to intercept SMS messages. This is done so that payment confirmation and password reset messages go to the criminal instead of the user.
While nothing here is really unusual in terms of banking malware, it’s quite frustrating that this type of malware has been around for so long, and continues to grow. By now, we would think that users would think twice before downloading questionable content, but many do not. It’s great to see that companies such as BlackBerry focus on security, and provide an example to other companies. We are even now seeing Google begin to focus on user security. Malware creators will soon have to step up their game to continue. Unfortunately, they seem up to the challenge.