While the Faketoken Trojan, the malware in question, has been around for quite some time, it has gotten more sophisticated as time has passed. Kaspersky calls the latest iteration of the malware “Faketoken.q,” and notes that the Trojan generally infects smartphones through bulk SMS messages with a prompt to download images. Once its necessary modules have been installed, the Trojan begins monitoring everything that happens on your phone.
“When Faketoken detects the launch of an app whose interface it can simulate, the Trojan immediately overlays the app with its own screen,” Kaspersky writes. “To achieve that, it uses a standard Android feature that supports showing screen overlays on top of all other apps. A whole bunch of legitimate apps, such as messengers, window managers, and so on, use this feature.”
The fallacious window looks just like your original app’s interface, but instead of proceeding as normal, the Trojan asks you to enter credit card information. And from there, well … we know how the rest goes.
Apparently, a number of apps have been attacked in this way, including mobile banking apps, Android Pay, the Google Play store, flight and hotel booking apps, and of course, ridesharing apps.
As it stands, it appears that the Trojan is largely relegated to users in Russia, but it may not be long before the malware comes our way, too. To protect yourself from any nefarious activity, Kaspersky recommends that you go into Android settings and prevent the installation of apps from unknown sources. Go to Settings, then Security, and then uncheck Unknown sources.
You should also pay close mind to the permissions an app requests prior to installation, even if you download the app from an ostensibly safe source (like Google Play). Finally, you might consider installing antivirus on your phone.
