Faketoken is Back: How to Stay Safe from the Trojan Targeting Android Devices

In February 2020, BI.ZONE detected a surge in Faketoken trojan activity. Trojan-Banker.AndroidOS.Faketoken disguises itself as an application for a popular online classifieds platform and infects over 2,000 victims daily. BI.ZONE experts explain what you should know about the trojan and how to protect yourself from it.

What Is Faketoken?

In February 2020, criminals launched a large-scale Faketoken malware distribution campaign targeted at customers of a popular classifieds platform in Russia. First detected in 2012, the trojan is not new to the cybersecurity community. Back then, its capabilities were limited to intercepting SMS passwords from online banks. Over 8 years of evolution, the malware has acquired more features.

I have an Android device! Am I at risk?

Yes. This is the most common method that hackers use to spread the malware:

Criminals address the victim by name to lull them into a false sense of security
Criminals give detailed instructions to the user on how to install the malware
The application prompts the user to grant it permissions to use the Android Accessibility Service
A booking portal, a taxi service and a well-known bank — the trojan is specifically set to target particular applications

What if I downloaded the trojan? Are they going to steal all my money?

No, you can still save your funds by deleting the malware. However, Faketoken is not a simple trojan: it actively fights your antivirus software and cannot be deleted like a normal app.

The antivirus cannot combat the trojan — Faketoken imitates the user’s actions and closes the program window
Less than one minute to remove the trojan in safe mode

Are there any precautions against the trojan?

Certainly! If you follow these simple rules, there is almost zero chance that your device will be compromised and your money stolen:

  1. Download applications from official stores only, such as Google Play.
  2. Keep Google Play Protect enabled.
  3. Use an antivirus that frequently updates its virus signature database.
  4. Avoid using your primary phone number to advertise on online platforms. Make sure you have a dedicated SIM card for this purpose.
  5. Have a separate bank card for online purchases, with a minimum credit limit and a low account balance. Even if your card details are compromised, this will minimise your losses.
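
To check a device for the pattern described above (an app from outside the official store that holds Accessibility Service permission), the following added example, which is not part of the original article, parses the output of the three adb commands named in its docstrings. The package names and sample output are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample output (not captured from a real device).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.classifieds.update/com.example.classifieds.update.HelperService")
SAMPLE_INSTALLERS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.classifieds.update  installer=null
package:com.example.taxi  installer=com.android.vending
"""
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\npackage:com.android.settings\n"

def parse_accessibility(setting):
    """Packages in `adb shell settings get secure enabled_accessibility_services`."""
    setting = setting.strip()
    if not setting or setting == "null":  # "null" means no service is enabled
        return set()
    # Entries are colon-separated components of the form package/ServiceClass.
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def parse_installers(listing):
    """Map package -> installer from `adb shell pm list packages -i`."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", listing, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def parse_system(listing):
    """Preinstalled package names from `adb shell pm list packages -s`."""
    return set(re.findall(r"^package:(\S+)", listing, re.M))

def suspicious_accessibility(setting, installers_out, system_out):
    """Accessibility services owned by user-installed apps not delivered by Google Play."""
    installers = parse_installers(installers_out)
    system = parse_system(system_out)
    hits = [(pkg, installers.get(pkg)) for pkg in parse_accessibility(setting)
            if pkg not in system and installers.get(pkg) != PLAY_STORE]
    return sorted(hits, key=lambda hit: hit[0])

if __name__ == "__main__":
    for pkg, installer in suspicious_accessibility(SAMPLE_SETTING, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"review: {pkg} (installer: {installer})")
```

A flagged package is a candidate for review, not proof of infection: legitimate sideloaded apps are reported too.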
