According to the noted cyber-security firm Kaspersky Lab, the notorious Trojan malware ‘Faketoken’ has been modified by criminals to steal user data from popular Android taxi and ride-sharing applications. A post on Kaspersky’s security blog noted:

The Faketoken Trojan has existed for a long time, and it has been upgraded for many years. Our experts named the current version “Faketoken.q,” and by now it has learned a significant number of tricks.

This new modified variant of ‘Faketoken’ can track user and application history in real time while relaying the information to its own criminal server network(s). The malware can also impersonate specific applications: when such an app is launched by the user, it overlays the UI with its own phishing window to syphon the victim's credit card details.

Image: FakeToken installed on a compromised device


To cover its tracks, the application first hides its presence on the infected device and then downloads itself in modules instead of as a single unified installer. The Trojan was initially developed to scam online and app-based banking functions.

Viktor Chebyshev, Security Expert at Kaspersky Lab, stated,

“The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ride-sharing services, means that the developers of these services may want to start paying more attention to the protection of their users.”

He added that the banking sector is already familiar with such fraud schemes and systems, and had earlier mitigated such issues by implementing secure technologies in apps, which brought down the risk of theft of critical financial data.

Currently, this new variant of Faketoken is mainly circulating on Russian devices, but security experts fear that the malware could become commonplace in other parts of the world.

The modified Faketoken Trojan can currently steal information including all SMS messages, monitor and record user calls, and then send this data to the criminals' command-and-control servers.

Since then, Kaspersky Lab staff have also detected the application trying to get into other popular Android mobile applications, such as travel and hotel booking apps, apps for traffic fine payments, Android Pay and Google Play.
