FakeToken Mobile Trojan (a backdoor application that gives a hacker full remote access to a victim’s device) that had hit Android users back in March 2012 as a banking OTP/MSTN stealer disguised as a fake banking token generator and then reappeared as a mobile ransomware in March 2016 is back again and this time it is targeting users of famous taxi services including UBER. The trojan places a fake bank page over the app just when a victim is about to do a transaction and then steals the credit card information using the phishing page.
FakeToken, further snoops on its victim via recording calls, stealing SMSs & contacts along with other critical user data.
Comments from Ankush Johar, Director at HumanFirewall.io, a leading provider of human information security awareness and preparedness solutions. “Smart devices aren’t that smart indeed. Surely not secure. Humans are the weakest link in cybersecurity. Cybercriminals leverage the fact that everyone has a mobile device today. This mobile trojan is lethal, in that it is able to take full control of the device, and steal critical information like banking credentials, contacts, etc and even record your calls! Don’t give apps more permission than they require, Don’t download apps from untrusted sources and think before you click! These 3 tips should hold you in good stead.”
Some simple tips for avoiding malware in your smartphone are as follows:
Always check what all permission the app requires the users to allow before installation. Stay cautious with permissions that don’t seem legitimate, for instance, if a calculator app wants to access your call logs or messages it is clear that the app wants unnecessary permission and can be malicious. Trust your gut!
Check reviews and ratings given by others users who have installed the application.If the ratings are unsatisfactory it is not preferable to download the app.
Check the number of downloads, if the number of downloads is less than 50k, it may be risky to download the app.
Don’t download apps from unknown sources, they can be infected with data-stealing malware hidden behind a genuine looking app. Stay away from pirated apps
Think before you click!