New Version of Android Malware Can Secretly Track Your SMS and Calls

Miss Welch
Aug 23, 2017 · 3 min read

Faketoken malware has been doing harm for over a year. Over the course of its existence, it has worked its way up from a primitive Trojan blocking mTAN codes to an encoder. The authors of its newer modifications continue to upgrade the malware, while its geographical spread is expanding.

Some of these modifications contain overlay components for around 2,000 financial applications. One of the newest versions also contains a mechanism for attacking applications for booking taxis and paying traffic tickets issued by the Main Directorate for Road Traffic Safety.

We assume most Android users know by now to be careful with suspicious applications and download prompts. However, as Android users become more aware of the dangers of downloading applications, the producers of the most vicious malware have adjusted by releasing increasingly subtle Trojans that can do much harm without alerting the user.

Last week, security firm Kaspersky detailed a relatively new Android malware called Faketoken. As we mentioned above, Faketoken has actually been around for at least a year, but it has advanced into something especially evil. Once it infects an Android phone, Faketoken is capable of tracking SMS messages, recording phone calls, and stealing information from different applications, including banking applications.

Faketoken: How does it work?

This malware sneaks onto Android phones through bulk SMS messages with a prompt to download a few pictures. The Trojan has two parts. The first part is an obfuscated dropper. Files like this are generally obfuscated on the server side to resist detection.

At first look, its code might appear to be gibberish. Nevertheless, the code decrypts and launches the second part of the malware. The second part, a file with a DAT extension, contains the malware's main features. Its data is encrypted; once it is decrypted, it is possible to obtain fairly legible code.

After the Trojan starts, it hides its shortcut icon and begins tracking SMS messages, monitoring calls and tracking whichever applications the user launches. On receiving a call from (or making a call to) a specific phone number, Faketoken starts to record the conversation and sends the recording to the attackers shortly after the conversation ends.

Worst of all, you’ll probably never realize the malware is active on your smartphone. The Trojan contains an overlay system that can lift information from more than 2,000 applications, including Google Play Store, applications to book flights and hotel rooms, Android Pay, and even applications used to pay traffic tickets. When you open one of those applications, Faketoken replaces the UI (user interface) with a fake one asking users to enter their financial data.

Imagine a scenario in which a bank asks the client to enter a code sent by SMS to access the account. Faketoken’s producers have an answer for that as well. The malware can steal any of your SMS messages and transmit them to command-and-control servers, where hackers can use them to gain access.
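For anyone vetting an app before it is installed, the behaviours described above (SMS interception, call monitoring and recording, screen overlays) show up as a telltale combination of permission requests. The following is an added example, not code from Kaspersky or from the original post: a small triage check over an AndroidManifest.xml that has already been decoded to text. The behaviour-to-permission mapping, the review threshold and both sample manifests are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Behaviours the article describes, mapped to the standard Android permissions
# such behaviour normally requires. The mapping is this example's assumption.
BEHAVIOUR_PERMISSIONS = {
    "sms_interception": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "call_monitoring": {P + "READ_PHONE_STATE", P + "PROCESS_OUTGOING_CALLS"},
    "call_recording": {P + "RECORD_AUDIO"},
    "screen_overlay": {P + "SYSTEM_ALERT_WINDOW"},
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for el in root if el.tag in tags)
    return {n for n in names if n}

def audit(manifest_xml, threshold=3):
    """Flag an app for manual review when it can reach the network and
    requests permissions covering `threshold` or more of the behaviours."""
    perms = requested_permissions(manifest_xml)
    matched = {b: sorted(perms & need)
               for b, need in BEHAVIOUR_PERMISSIONS.items() if perms & need}
    review = (P + "INTERNET") in perms and len(matched) >= threshold
    return {"behaviours": matched, "review": review}

def _manifest(package, perms):
    # Builds a constructed sample manifest; not taken from any real app.
    lines = ['  <uses-permission android:name="%s%s"/>' % (P, p) for p in perms]
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">\n%s\n</manifest>' % (package, "\n".join(lines)))

# Constructed samples: a "photo viewer" asking for far more than it needs,
# and a camera app with an unremarkable permission set.
SUSPICIOUS = _manifest("com.example.photos", ["INTERNET", "RECEIVE_SMS", "READ_SMS",
                       "READ_PHONE_STATE", "RECORD_AUDIO", "SYSTEM_ALERT_WINDOW"])
BENIGN = _manifest("com.example.camera", ["INTERNET", "CAMERA", "RECORD_AUDIO"])

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit(xml))
```

A flag from this check is only a prompt for closer inspection: legitimate messaging and dialer apps request similar permissions, so the result has to be weighed against what the app claims to do.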

The evidence suggests Faketoken is focusing on Russian users for now, according to Kaspersky. However, this serves as a reminder that you shouldn’t download anything from a source you don’t trust or recognize.
