Want to book a taxi? Faketoken Trojan might steal your credit card details and record your calls

Cyber criminals now target users of taxi applications

Taxi applications are used by millions of people daily. Whether it is Uber, Curb, Lyft, or another popular app, it helps us to get to our destination faster. Sometimes mobile apps require re-entering your credit card details or verifying your private information in order to function properly.

That almost never surprises us, because we are used to apps that “forget” things or ask to confirm us certain information now and then. However, one of such prompts can be a fake one, and you can unwillingly disclose valuable information to hackers.

Sooner or later you will notice that your cash balance is somehow low each time you check your bank account. Usually, people who get in such situations have their smartphones compromised by a mobile virus dubbed FakeToken Trojan.

Modus Operandi of FakeToken Android Trojan

The Faketoken virus has been active for years; however, its latest version boasts some new features. According to Kaspersky Blog^[1], the malicious virus compromises victim’s Android device via malicious SMS messages that contain a link to download an infectious image.

Once downloaded, the virus compromises the device. The malicious software then hides itself by removing its shortcut icon from Apps menu.

At this point, Faketoken starts illegally tracking the victim and stealing private information via the compromised device. Currently, the virus is capable of:

• Recording victim’s calls and transmitting audio files to criminals’ server;
• Overlaying legitimate apps with fake screens asking the victim to enter sensitive information. – credit card details^[2], including verification codes and passwords.
• The virus doesn’t target taxi apps only – it can display fake “enter your credit card details” screen over applications such as booking apps, Google Play, and similar.
• The virus is even capable of passing through two-factor authentication^[3] because it controls victim’s device entirely. The virus receives messages with confirmation codes (required to confirm online payments), sends them to hacker’s server, and deletes them from victim’s phone.

Protect yourself from Android viruses

• The first thing that you should know when trying to protect yourself from such and similar viruses is that they can reach your device both via apps downloaded from unknown sources as well as from Google Play Store. We do not recommend trusting the apps from the official store too much because there were numerous cases when malicious apps were detected on it^[4].
• Read all the permissions that Android apps request before installing them. If possible, read user feedback about the applications online.
• Novirus.uk recommends^[5] protecting your device with anti-malware software compatible with Android.
• Learn more about Android viruses and find out how to keep them away from your device using tips provided by the 2-Spyware team.

It doesn't matter whether it is a taxi application, bank app or another program that requires entering your credit card information to purchase certain items or services online – it can be concealed by the Trojan that will steal your important information in seconds. Be careful and do not allow it to do it!