Do you cling onto the custom of booking taxis/flights/tickets using your Android devices?  Then you should be on your guard.  As of late, cyber criminals have turned their attention from banking to prospective non-banking apps.  Kaspersky Labs observed that the Android Trojan that has targeted the banking apps previously, is now eyeing on your non-banking activities as well.

You might be wondering how this is possible.  Well, a new variant of the Android Trojan, Faketoken can detect and record your calls, provided your device is infected with the malware.  Dubbed as Faketoken.q, it lures you to download an image file, reportedly being distributed via bulk SMS.  The alleged image file is originally the cache for the Faketoken malware.

Once you successfully download the sly image, the Trojan installs the main payload and the necessary modules to take command over your handset.  It further monitors all your call logs and apps.  The spyware conceals its shortcut icon in your device.  You might be in the dark while it keeps a track of all your daily actions.

Agile and grabby as a lizard, it displays an overlay on top of your non-banking apps to steal your banking credentials.  It cunningly uses the fake user interface to achieve this target.

You may be prompted by the fake user interface to enter your payment card information including verification code from the bank.  This can be misused by the cyber thieves to make fraudulent transactions using your account.

Android Trojan Now Targets Non-Banking Apps (Taxi, flights & hotel booking) that Require Credit/Debit Card Payments https://t.co/YggP9rofrC pic.twitter.com/JYz3a2b76H

— The Hacker News (@TheHackersNews) August 18, 2017

 

The Faketoken.q can envelop itself over your Google Play Store, Android Pay, traffic ticket paying apps, flight reservation app, hotel booking apps, and taxi hiring apps.

A security expert at the Kaspersky Lab, Viktor Chebyshev points out the prevalence factor of this Android Trojan.  “The new version of Faketoken targets mostly Russian users. However, the geography of attacks could easily be extended in the future. We have seen that with previous versions of Faketoken and other banking malware in the past.”

“The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ride-sharing services, means that the developers of these services may want to start paying more attention to the protection of their users. The banking industry is already familiar with fraud schemes and tricks, and its previous response involved the implementation of security technologies in apps that significantly reduced the risk of theft of critical financial data. Perhaps now it is time for other services that are working with financial data to follow suit,” he added.

To protect your Android handsets from such fraudulent schemes, you should never install third party apps and not entertain unknown files to be downloaded into your system.  Furthermore, it is better to shield your devices from such attacks using a proper anti-virus firmware.