A banking trojan dubbed Faketoken found infected more than 5,000 smartphones and started sending out offensive text messages.
The malware found to active since 2014, the malicious app aimed to hack victim’s account and withdraw money, they also capable of intercepting text messages received on victim mobiles.
Starting from 2016, the malware evolved as a full-fledged mobile banking Trojan, it overlay’s on other apps to trick the users entering into logins, passwords, and bank card info.
In another campaign in 2017, it mimics a lot of apps such as mobile banking apps, e-wallets such as Google Pay, and even taxi service apps to steal bank account data and card details.
Security researchers from Kaspersky observed the return of the Android banking malware, infected more than 5,000 smartphones and sends offensive text messages.
The banking trojan asks to set the victim as a default text message app so that it can intercept any SMS messages such as OTP sent to the infected device.
“But for banking malware to turn into a mass texting tool? We had never seen that before”, Kaspersky said.
Before starting to send premium messages that charge the infected device owner’s account, Faketoken checks that the victim has sufficient funds, if the victim has enough funds then malware uses to top up the mobile account for sending messages.
“Many of the smartphones infected by Faketoken were texting a foreign number, so the messages the Trojan sent cost the users quite a bit.”
The good news is that Faketoken not distributed through the play store, it appears using third-party stores. It is always recommended to download apps only from the official store.