{"id":4513,"date":"2014-04-17T12:37:33","date_gmt":"2014-04-17T16:37:33","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=4513"},"modified":"2020-02-27T03:41:47","modified_gmt":"2020-02-26T16:41:47","slug":"faketoken-2014q1","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/faketoken-2014q1\/4513\/","title":{"rendered":"Banking Malware is Rapidly Growing on Android"},"content":{"rendered":"<p>Financial fraud remains one of the most dangerous kinds of activity that a malware might perform after infecting your computer. So called \u201c<a href=\"https:\/\/www.kaspersky.com.au\/blog\/the-big-four-banking-trojans\/\" target=\"_blank\" rel=\"noopener noreferrer\">banking Trojans<\/a>\u201d are able to inject themselves between you and your bank, thus manipulating your funds and redirecting your payments to criminals\u2019 bank accounts. To counter this threat, most banks utilize so-called \u201c<a href=\"https:\/\/www.kaspersky.com.au\/blog\/podcast-two-factor-authentication\/\" target=\"_blank\" rel=\"noopener noreferrer\">Two-factor authentication<\/a>\u201c, which is typically implemented via SMS. When you try to transfer funds online, you must approve the transaction using your password, plus a one-time password (OTP, mTAN) being sent via text message to your smartphone. In turn, criminals developed a scheme in which they try to infect both your computer and smartphone to steal the password and mTAN at the same time. This scheme was first introduced in the Zeus\/ZitMo malware duo, and it proved quite effective. Recently, the same concept was implemented in the Android malware called Faketoken. Unfortunately, it is quite effective, too, and a recent report, \u201c<a href=\"http:\/\/www.securelist.com\/en\/analysis\/204792332\/IT_threat_evolution_Q1_2014\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">IT threat evolution Q1 2014<\/a>\u201d published by Kaspersky Lab, indicates that Faketoken reached #13 in the Top 20 mobile threats \u201chit parade\u201d, accounting for 4,5% of all infections.<\/p>\n<p>The mechanics of Faketoken infection is actually quite interesting. Criminals utilize <a href=\"https:\/\/www.kaspersky.com.au\/blog\/social-engineering-hacking-the-human-os\/\" target=\"_blank\" rel=\"noopener noreferrer\">social engineering<\/a> to infect a smartphone. During an online banking session, the computer-based Trojans use a web inject to seed a request on the infected webpage to download an Android application that is allegedly needed in order to conduct secure transactions, but the link actually leads to Faketoken. After the mobile threat ends up on a user\u2019s smartphone, cybercriminals then use the computer-based Trojans to gain access to the victim\u2019s bank account, and Faketoken allows them to harvest mTANs and transfer the victim\u2019s money to their accounts.<br>\n<\/p><blockquote class=\"twitter-pullquote\"><p>Faketoken banking malware attacks smartphones in 55 countries, including: Germany, the UK and the US. #Kaspersky #report<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FPPe5&amp;text=Faketoken+banking+malware+attacks+smartphones+in+55+countries%2C+including%3A+Germany%2C+the+UK+and+the+US.+%23Kaspersky+%23report\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote><br>\nAccording to reports, most mobile banking threats are designed and initially used in Russia; later, cybercriminals may subsequently use them in other countries. Faketoken is one such program. During the first three months of 2014, Kaspersky Lab detected attacks involving this threat in 55 countries, including: Germany, Sweden, France, Italy, the UK, and the US. To mitigate the risk, users must utilize <a href=\"https:\/\/www.kaspersky.com\/advert\/free-trials\/multi-device-security?redef=1&amp;THRU&amp;reseller=blog_en-global\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Multi-Device protection<\/a>, i.e. using a dedicated security solution both on PC and Android smartphone.\n","protected":false},"excerpt":{"rendered":"<p>The concept of mobile malware working in bond with computer Trojans to steal money via online banking is not new, however Kaspersky Lab Q1 report indicates that it quickly gaining \u201cmarket share\u201d.<\/p>\n","protected":false},"author":32,"featured_media":4515,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2646],"tags":[510,105,613,36,614,45,422],"class_list":{"0":"post-4513","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-analysis","10":"tag-android","11":"tag-faketoken","12":"tag-malware-2","13":"tag-report","14":"tag-smartphones","15":"tag-threats"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/faketoken-2014q1\/4513\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/faketoken-2014q1\/3342\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/faketoken-2014q1\/3221\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/faketoken-2014q1\/3643\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/faketoken-2014q1\/3700\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/faketoken-2014q1\/3724\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/faketoken-2014q1\/4513\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/faketoken-2014q1\/3015\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/faketoken-2014q1\/3358\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/faketoken-2014q1\/3724\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/faketoken-2014q1\/4513\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/analysis\/","name":"analysis"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/4513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=4513"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/4513\/revisions"}],"predecessor-version":[{"id":26292,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/4513\/revisions\/26292"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/4515"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=4513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=4513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=4513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}