Kaspersky Lab finds year-old Android malware

By Balamurugan Selvaraj Published on Aug 22, 2017 04:59 PM IST

A few weeks back, researchers at Kaspersky Lab found traces of a year-old Android Trojan spreading through messages. Called Faketoken.q, it spread fast through bulk short messages. It is learnt that this Trojan has now been modified in terms of target and action by its new developer. Besides the usual actions of a Trojan, this malware steals data by overlaying a fake user interface on top of an app.

According to the researchers, this newly developed banking Trojan steals user credentials by overlaying a fake banking web page on top of taxi-booking apps available in the Play Store. It is also programmed to record the infected victim's phone conversations and capture the user credentials entered in taxi-booking apps, and it transfers them to the attacker's server as soon as the device connects to the Internet.

How it works

Faketoken.q spreads through bulk SMS messages containing a malicious link that prompts victims to download an image file. The Trojan is hidden inside the image. As soon as the image is downloaded, the Trojan silently infects the device, installs the necessary modules and payloads, and monitors the apps installed on the device. It also spies on the user's actions in apps and creates a fake interface for the app, into which the user enters their credentials.

According to recent reports, apart from taxi-booking apps, banking apps including Android Pay, ticket-booking apps and other widely used apps are open to this Trojan attack. For safety's sake, avoid downloading apps from third-party sites and unknown sources. Also, check the Android permission options in the Settings tab. Avoid granting unknown apps user access or permission to access the device.