In the past ten years, phones have increasingly become an indispensable part of our lives. Thanks to millions of applications, people can get several things done, such as hailing a cab, transferring money, ordering food and getting any service delivered, with just a few clicks on the mobile screen. However, cybercriminals are coming up with malicious ideas to prey on naive users and steal their financial credentials or sensitive information for ransom.
Now, Faketoken, an old banking trojan which had made headlines in 2014 for siphoning off bank accounts through victims’ infected PCs, is back with a vengeance in a full-fledged mobile malware avatar.
Kaspersky Labs has revealed that the Faketoken mobile trojan is now capable of mimicking top banking apps, top e-wallets including Google Pay, and cab-hailing apps to trick users into divulging bank account login details.
During its recent routine ‘Botnet Attack Tracking’ surveillance, Kaspersky Labs discovered a new behaviour in Faketoken. The trojan is now capable of taking over the victim’s mobile and sending offensive SMSs to random people in global regions.
What’s bizarre is that Faketoken makes sure the user has enough money in the bank account and sends messages to international numbers, so that he/she gets a hefty phone bill.
“SMS capability is, in fact, standard equipment for mobile malware apps, many of which spread through download links they send to victims’ contacts. In addition, banking Trojans often ask to become the default SMS application so they can intercept confirmation code messages. But for banking malware to turn into a mass texting tool? We had never seen that before,” Kaspersky Labs said.
So far, 5000 smartphone users around the world have been affected by the Faketoken malware.
Here’s how to safeguard your phone from malware and trojans like Faketoken:
1) Whether you have an Android mobile or an iOS-based iPhone, always stay updated with the latest software. Both Google and Apple regularly send firmware updates, especially security patches, monthly or on a priority basis whenever they detect threats. So, make sure you install the latest software.
2) Another good practice is to install premium antivirus software on your mobile, which offers 24×7 protection. Such software is equipped to detect threats quickly whenever you unknowingly visit a shady website.
3) Never open emails or SMSs, or click URL links, sent from unknown senders.
4) Also, never install apps from unfamiliar publishers.
5) Always download apps from Google Play or the Apple App Store only. Never install from any third-party app store.