Faketoken Malware Hits Android Phones

Faketoken malware has hit Android phones in the U.S. and 55 countries. Black people understand the convenience of banking through your smartphone. But that luxury has become downright dangerous to your financial health. According to KasperskyLabs.com, the Faketoken malware is highly effective at stealing the passwords and temporary passwords used to transfer money and pay bills on Android mobile devices.

Kaspersky Lab describes the malware as a banking trojan. The malware places itself between you and your bank and redirects your payments to criminals’ bank accounts. Banks fight this by using “two-factor authentication”, implemented via SMS. When you attempt to transfer money, you must approve the transaction with your password and a second, one-time password (OTP, mTAN) sent via text message to your smartphone. Criminals have developed a scheme in which they try to infect both your computer and your smartphone to steal the password and the mTAN at the same time. The scheme first came about with the Zeus/Zbot malware duo, and was highly effective. So criminals have adapted the same concept with the Android malware known as Faketoken. It too has been very effective. According to the “IT threat evolution Q1 2014” report published by Kaspersky Lab, Faketoken reached #13 in the Top 20 mobile threats “hit parade”, accounting for 4.5% of all infections.

Social engineering is at the heart of this malware infection, and it works like this: during an online banking session, Faketoken places a request on the infected webpage telling the user to download a fake Android app needed to complete a secure transaction. The link actually leads to Faketoken. Once the malware is on the user’s smartphone, cybercriminals use the computer-based Trojans to gain access to the victim’s bank account, and Faketoken allows them to harvest mTANs (one-time passwords) and transfer the victim’s money to their own accounts.

Breaking It Down

Are you scared yet? Black people use mobile banking more than whites. So we better know about these phony apps sent our way. Making use of this knowledge could keep you out of a lot of hassles in the future. My advice is never ever download a banking app that your bank has not explicitly approved. When using your smartphone, never ever download an attachment unless you know who it’s from and what it is. Most malware is delivered via email attachments. Mobile banking is a major convenience in life, but it is not without dangers. If you see an ad, app request or pop-up on your smartphone while you are on your bank’s website, log out immediately. Scan your phone for malware (I recommend Lookout), then change your passwords. One last bit of advice: malware on your phone may be there to steal more than your money. It can steal your identity and even infect the phones of friends who are in your contacts. Be aware!