The Faketoken malware could previously hijack Android devices and use phishing login screens to harvest victims' personal information. Now its capabilities have expanded to sending offensive text messages from the user's smartphone.
Expensive bulk messages sent to foreign numbers
Faketoken is a banking Trojan that has been around for several years. Cybersecurity and anti-virus provider Kaspersky Labs reports that Faketoken has been detected on more than 5,000 smartphones and has now been upgraded to send offensive text messages to foreign numbers, running up the victim's mobile bill.
The bulk SMS messages are charged to the victim, potentially providing a fresh revenue stream for the malware operators. Before sending the messages, Faketoken checks whether the victim has sufficient funds in his or her bank account. If the balance is sufficient, the malware uses the victim's card to top up the mobile account before proceeding with the messaging.
"SMS capability is, in fact, standard equipment for mobile malware apps, many of which spread through download links they send to victims' contacts. In addition, banking Trojans often ask to become the default SMS application so they can intercept confirmation code messages. But for banking malware to turn into a mass texting tool? We had never seen that before," Kaspersky said in a blog post.
Evolution of Faketoken
In 2014, the malware made it to the top 20 list of the most dangerous mobile threats in existence. Back then, it worked in conjunction with desktop banking Trojans. While the desktop app hacked into the victims' accounts and withdrew money, Faketoken intercepted text messages with one-time passwords to authorize the fraudulent transactions.
By 2016, Faketoken operated as a standalone mobile banking Trojan and started stealing money directly. First, it requested the right to overlay other apps or to be the default SMS application, and then it tricked users into entering their usernames, passwords, and bank card information. It also functioned as ransomware, blocking the targeted devices' screens and encrypting their files.
By 2017, Faketoken was able to mimic several apps, including mobile banking apps, digital wallet services like Google Pay, as well as taxi booking apps and apps for payment of fines and penalties, to steal the victims' bank account information.