Security News Banking Trojans Set Their Sights on Taxi and Ride-Hailing Apps

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
It was to be expected that Android banking trojan operators would eventually set their sights on ride-hailing applications, considering that these apps work with a user's financial data on a daily basis.

Mobile banking trojans work by watching when users open an app and displaying a fake login page on top that asks the victim for his credentials or other financial information.

A short history of the evolution of mobile banking trojans
Over the course of the last decade, as the Android OS has become more popular and added more features, Android banking trojans have become more prevalent and efficient at their job.

In their early versions, Android banking trojans targeted mobile banking applications alone, by collecting credentials via fake logins and then using this data to log into the victim's account and steal funds.
.....
......
.....
.........
Click to expand...
Faketoken adds support for phishing ride-hailing apps
Now, researchers at Kaspersky Lab have found an Android trojan that collects payment card data from taxi & ride-hailing apps.

This move makes perfect sense, as most ride-hailing apps won't even let users sign up if they don't enter payment card details. This means that users are conditioned to handing over payment card data. Furthermore, most apps regularly forget previous data, and an app requiring a user to re-login or re-enter card details isn't that out of the ordinary.

The first such banking trojan to phish mobile taxi apps is named Faketoken, and its latest version only targets ride-hailing apps for services operating in Russia, along with mobile apps for paying traffic tickets issued by the country's Main Directorate for Road Traffic Safety.
Click to expand...

Faketoken can also operate as Android crypto-ransomware
Faketoken is a mobile banking trojan that was first mentioned in a 2012 F-Secure report, has also been quite active in 2015, and had previously added support for a crypto-ransomware component at the end of 2016.

Currently, the trojan supports overlaying fake login and phishing screens for about 2,000 financial apps, being one of the most advanced and well-maintained tools on the market, albeit it's used predominantly for targeting Russian users.
Click to expand...
 
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Malware News Over 200 malicious apps on Google Play downloaded millions of times
Replies
1
Views
1,186
Security News
Digmor Crusher
Digmor Crusher
Gandalf_The_Grey
    • Like
    • Hundred Points
    • +Reputation
Malware News TrickMo malware steals Android PINs using fake lock screen
Replies
0
Views
1,267
Security News
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • +Reputation
    • Like
GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries
Replies
0
Views
1,411
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top