FakeToken is an Android malware that pretends to be a mobile token generator, but actually intercepts and steals SMS messages containing Mobile Transaction Authentication Numbers (mTANs), which are automatically generated by a bank and sent to a user’s mobile device to validate an online transaction.
On execution, FakeToken intercepts SMS messages containing mTANs and forwards them to a remote location or to a user. Details of where the SMS messages are sent are stored in an XML configuration file. In addition, the malware may also forward details of the compromised device to a remote location.
Kaspersky Labs have revealed that the Faketoken mobile trojan is now capable of mimicking top banking apps, top e-wallets including Google Pay, cab-hailing apps to trick users divulge bank account login details.