Faketoken malware gets an update with new capabilities

Jan 16, 2020 10:21 GMT

The latest iteration of Faketoken comes with added capabilities, technically becoming a mass texting tool that empties your bank account.

Faketoken has been around for several years already, as the malware was first discovered back in 2014. Each version, however, added new capabilities, so after working in conjunction with a desktop app and later stealing banking data on its own, Faketoken is back with a new approach.

Security company Kaspersky says Faketoken can now infect Android devices to turn them into mass texting tools, most of the time sending out offensive messages to a foreign number.

Spreading through apps outside the Play store

While there’s no logical explanation for why the malware authors decided to use an offensive message in their attack, the foreign number is a key part of the infection, as it increases the total cost users have to pay if their devices are compromised.

“Faketoken’s messaging activities are charged to the infected device owners. Before sending anything out, it confirms that the victim’s bank account has sufficient funds. If the account has the cash, then the malware uses the card to top up the mobile account before proceeding with messaging,” Kaspersky explains.

The security company says it detected approximately 5,000 smartphones infected by Faketoken and sending out offensive text messages. Most of the time, the malware spreads through sources other than the Google Play Store, so if you stick with apps published in the Google Play Store (and verified by Google Play Protect), you should, at least theoretically, be secure.

Very often, the malware attempts to infect other devices by sending users text messages with links to APKs containing the malicious payload, so if you do receive such an SMS pointing to a page that looks suspicious, you had better not click the link.