Faketoken Android Malware Tracking SMS Messages From Your Bank
A new Android malware is on the block.
A new Android malware is on the block and it’s proving to be incredibly aggressive and malicious. The new malware is called Faketoken and it can track data through over 2,000 different apps.
Faketoken was originally discovered a year ago, but it’s recently popped up again with a wave of new reports hitting the Google Play Store.
Faketoken uses unique techniques to grab user data by creating an invisible overlay that creates a layer over anything the infected user interacts with. Faketoken will hide in applications, so the user will not know that they’ve been infected.
Once the Faketoken malware is installed, all activity can be tracked. Passwords that have been entered can be recorded, SMS tracking techniques are used to browse through your private messages, and perhaps even worse, Faketoken can track your bank logins.
Once Faketoken has used its overlay to find out your bank login details, it can then log into your online banking account remotely. If you use two-factor authentication, Faketoken can scour your emails and your SMS messages to find the authentication code. It can even go through any 2FA apps you may have installed to find the codes it needs to access your bank account.
Faketoken will also grab your bank details any time you enter your details into a payment processor in any of the 2,000 apps it can monitor. At this point, it’s very clear that Faketoken has been specifically designed to steal user’s bank details and to then use this information to purchase items with your account or to strip your account of its funds.
Kaspersky Lab has recently made a statement on the Faketoken Android malware. It has stated that the malware is still in its infancy, but as always, users should avoid downloading apps from third party sources.
There are a number of other techniques that Android smartphone owners can use to keep themselves protected against such dangerous malware.
Firstly, like mentioned above, you should always download apps from trusted sources. If you can, try to only download apps from the Google Play Store.
Secondly, regardless of where you download the app, make sure to only give the app permission to certain features if you know it needs it. In this case, giving an app permission to draw over other apps is unnecessary for most apps. If you see this app permission on an app that isn’t trusted, you should almost certainly deny the permission and then delete the app.
When it comes to 2-factor authentication, you should avoid having your secondary authentication on the same device you use to log into your accounts.
For example, if you have a 2-factor authentication app on your smartphone for your online banking account, log into your bank account from your PC. This way, if malware is on your smartphone or your PC, the malware won’t be able to access the other device to gain access to the 2-factor authentication.
Fortunately, future versions of Android will have better safety features for apps that can draw over other apps. The new Android Oreo update will include such safety features.