A growing number of cyber crooks are getting into the business of building malware targeting Android devices. Among the threats targeting devices running the Android OS is the Faketoken Trojan. This threat is not brand new; in fact, malware researchers first spotted its activity back in 2017. However, the operators of the Faketoken Trojan are not slacking; they keep updating this threat to ensure it is capable of avoiding detection by security tools. Some of their updates have also further weaponized the Faketoken Trojan.

Propagation Methods

The Faketoken threat can serve both as a reconnaissance tool and as a banking Trojan. So far, two infection vectors have been reported in the propagation of the Faketoken Trojan. It would appear that some users have been tricked into allowing this threat to access their systems via a bogus text message. The fake message would urge the users to install the threatening application. The other known distribution method is via third-party application stores that do not apply sufficient security measures.


The Faketoken Trojan is a real chameleon. This nasty threat is able to recreate the interface of a variety of popular applications. The applications that the Faketoken Trojan would imitate tend to be banking services, social media applications, instant messaging platforms, etc. The end goal is to collect the banking details of the target. After its latest update, the Faketoken Trojan is now capable of mimicking a popular Russian taxi-booking application. The Faketoken threat is able to detect the activity of the application in question, and as soon as the user attempts to launch the taxi-booking application, the Trojan would instead present them with a bogus overlay.

To obtain the banking details of the users, the Faketoken Trojan would claim that they have to enter the information again so that it can be confirmed. If the users fall for this, they will provide the attackers with their banking details. Regarding its monitoring capabilities, the Faketoken Trojan is able to record the user's calls. This Trojan is also able to monitor the victim's text messages and transfer the collected data to the attackers' C&C (Command & Control) server. The threat can also wipe out text messages. The ability to delete certain text messages allows the Faketoken Trojan to operate silently, as the users may never end up seeing potential texts from their bank regarding suspicious transactions.

The authors of the Faketoken Trojan have designed their threat to operate differently depending on the geographical region in which it is being spread. Users worldwide need to be wary of this nasty threat. Make sure your Android device is protected by a reputable anti-malware application. Furthermore, avoid downloading any applications and content from third-party application stores.

