Android FakeToken Malware

FakeToken is an Android malware that pretends to be a mobile token generator, but actually intercepts and steals SMS messages containing Mobile Transaction Authentication Numbers (mTANs), which are automatically generated by a bank and sent to a user’s mobile device to validate an online transaction.

On execution, FakeToken intercepts SMS messages containing mTANs and forwards them to a remote location or to a user. Details of where the SMS messages are sent are stored in an XML configuration file. In addition, the malware may also forward details of the compromised device to a remote location.

Kaspersky Labs have revealed that the Faketoken mobile trojan is now capable of mimicking top banking apps, top e-wallets including Google Pay, cab-hailing apps to trick users divulge bank account login details.

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: