At this point, we assume that most savvy Android users know to be on the lookout for suspicious apps and download prompts, but even as smartphone users become more aware of the risks of downloading apps, the creators of the most vicious malware have adapted by releasing increasingly subtle Trojans that can do a great deal of damage behind the scenes without alerting the user.
This week, security firm Kaspersky detailed a relatively new Android malware called Faketoken in a blog post on Thursday morning. Faketoken has actually been around for at least a year, but it has evolved into something especially sinister. Once it infects an Android device, Faketoken is capable of recording phone calls, intercepting text messages and stealing data from various apps, including banking apps.
Worst of all, you’ll probably never know that the malware is active on your device. Kaspersky says that once the Trojan initiates, “it hides its shortcut icon and starts to monitor all of the calls and whichever apps the user launches.” The Trojan contains an overlay mechanism that can lift data from over 2,000 apps, including Android Pay, the Google Play Store, apps to book flights, taxis and hotel rooms and even apps used to pay traffic tickets. As soon as you open one of those apps, Faketoken replaces the user interface with a fake one asking users to input their financial information.
But what if a bank asks the user to input a code sent by SMS message in order to access the account? Faketoken’s creators have an answer for that too. The malware can steal any incoming SMS messages and send them to command-and-control servers, where hackers can use them to gain access.
According to Kaspersky, the evidence suggests that Faketoken is being targeted at Russian users for now, but this serves as a valuable reminder that you shouldn’t ever download anything from a source you don’t trust or recognize. Otherwise, you might end up suffering the consequences.