Mobile Trojans Can Now Target Apps That Require Card Payments

in #mobiles, 7 years ago

The mobile banking trojan that was recently upgraded with additional ransomware features, letting it capture sensitive data and lock the user's files at the same time, has received another upgrade: it can now steal credentials from most booking apps, such as Uber.

Kaspersky Lab researchers have discovered a new flavor of the Android banking trojan known as Faketoken. With this upgrade it has greater capabilities: it can detect and record calls and display overlays on top of taxi booking apps so that the user's information can be stolen.

Dubbed Faketoken.q, the new flavor is being spread through bulk SMS messages as its attack vector. The messages prompt the mobile user to download the malware in the form of an image, so users do not realize what they are installing.

Malware Spies on Telephone Conversations

Once this malware is downloaded and installed, it sets up the necessary modules and payloads itself, creates a discreet icon, and automatically records everything from the apps the user launches to the calls made and received.

When the user makes a call, or receives a call from any phone number, the trojan records the conversation and sends the recording to the attacker's server.

Faketoken.q also scans to see which apps the user is running. Once that information is gathered, the trojan checks whether it can simulate the app; if so, it creates a fake UI and starts recording the user's activity.

To do this, the trojan uses the same standard Android feature that a number of legitimate apps use, such as Messenger, Twitter, Facebook, Windows Manager and other applications: the ability to show overlays on top of all other applications.

Once this interface is displayed, the user enters the payment details as usual, including the bank's verification code, without knowing that it is a fake interface. The attacker then uses these details for criminal transactions.

Faketoken.q is able to overlay numerous banking apps as well as other applications, such as:

Android Payment App
Play Store
Hotels and Flight booking and payment apps
Taxi booking apps

Moreover, to authorize a transaction the attacker needs access to the SMS sent by the bank. This is where the malware comes into play again: it steals the SMS code sent by the bank and forwards it to the attacker's command-and-control (C&C) servers to complete the transaction.

Researchers from Kaspersky have reported that this particular trojan is targeting Russian users, because its UI runs only in Russian.

Methods for Protection from these Android Trojans/Malware

The most effective way to protect yourself from such banking trojans is not to authorize installing apps from sources other than the Play Store, and not to download apps from links sent through emails or messages.

You can also secure your device by going to Settings and making sure that allowing installation of apps from sources other than the Play Store is turned off.

As the next level of security, verify an app's permissions before installing it, whether it comes from another source or from the Play Store. If you feel that the permissions requested are more than the app should need, don't install it.
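The permission check described above can be automated for a decoded (text) AndroidManifest.xml. The Python below is an added example, not code from the original post or from Kaspersky. The mapping from the behaviours described in this article to Android permissions, and the two sample manifests, are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Article behaviour -> permission groups; a behaviour is possible when every
# group has at least one requested permission. This mapping is the example's
# assumption, not a published permission list for Faketoken.q.
BEHAVIOURS = {
    "overlay": [{"SYSTEM_ALERT_WINDOW"}],
    "sms_code_theft": [{"RECEIVE_SMS", "READ_SMS"}],
    "call_recording": [{"RECORD_AUDIO"},
                       {"READ_PHONE_STATE", "PROCESS_OUTGOING_CALLS"}],
}

def requested_permissions(manifest_xml):
    """Return short names of android.permission.* entries in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                perms.add(name[len(PREFIX):])
    return perms

def audit(manifest_xml):
    """Report which of the article's behaviours the requested permissions allow."""
    perms = requested_permissions(manifest_xml)
    possible = sorted(b for b, groups in BEHAVIOURS.items()
                      if all(perms & g for g in groups))
    # Overlay alone is common in legitimate apps; overlay plus SMS access is
    # what lets a fake payment screen also capture the bank's code.
    high_risk = "overlay" in possible and "sms_code_theft" in possible
    return {"possible": possible, "high_risk": high_risk}

# Constructed sample manifests (not taken from any real app or malware sample).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'

def _manifest(package, perms):
    body = "".join('<uses-permission android:name="%s%s"/>' % (PREFIX, p) for p in perms)
    return HEAD % package + body + "</manifest>"

PHOTO_APP = _manifest("com.example.photos", ["INTERNET", "SYSTEM_ALERT_WINDOW",
                      "RECEIVE_SMS", "RECORD_AUDIO", "READ_PHONE_STATE"])
CHAT_APP = _manifest("com.example.chat", ["INTERNET", "SYSTEM_ALERT_WINDOW", "CAMERA"])

if __name__ == "__main__":
    for label, xml in (("photos", PHOTO_APP), ("chat", CHAT_APP)):
        print(label, audit(xml))
```

A picture viewer that asks to draw over other apps, read SMS and record audio is flagged, while a chat app that only requests the overlay permission is not.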

It's always better to have anti-virus software with a high user rating so that it can block this kind of malware, and make sure from time to time that your apps are up to date.


Congratulations @christo-xploit! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!
