FakeToken attacks taxi aggregators. Think before you click!
By MYBRANDBOOK
Beware of while booking for a taxi with your favourite Taxi services either OLA or UBER if You’re in a hurry, trying to get to work, a business meeting, a date. So you launch your favorite app for booking a taxi as usual, but this time, it prompts you to enter your credit card number. Does that seem suspicious? It may not - apps forget information, and all you have to do is add your card number again.
However, after some time you notice money disappearing from your account. What happened? You may be the unlucky winner of a mobile Trojan. This kind of malware has been caught recently. Courtesy, FakeToken Mobile Trojan (a backdoor application that gives a hacker full remote access to a victim’s device) that had hit Android users back in March 2012 as a banking OTP/MSTN stealer disguised as a fake banking token generator and then reappeared as a mobile ransomware in March 2016 is back again and this time it is targeting users of famous taxi services including OLA UBER and many more.
FakeToken, further snoops on its victim via recording calls, stealing SMSs & contacts along with other critical user data.
Description
Android/FakeToken. A is a malicious application that pretends to be a security token used as a second factor of authentication in online banking transactions but in fact it is an application that steals banking credentials and executes commands from a C&C server in order to leak sensitive data (SMS messages, contact list) and download/install other applications.
Indication of Infection
• Appears to be a security token used as a second factor of authentication in online banking transactions.
Using the smart phone and smart devices you need to be very much smart enough else it’ll lead up to complete bankruptcy. Cheapest smart phones are not at all secure. Since, the phone manufacturer can’t afford to put those kind of security features and it is easily prone and link into the customer of cyber security. Cybercriminals leverage the fact that everyone has a mobile device today. This mobile trojan is lethal, in that it is able to take full control of the device, and steal critical information like banking credentials, contacts, etc and even record your calls!”
“Don’t give apps more permission than they require, Don’t download apps from untrusted sources and think before you click! These 3 tips should hold you in good stead.”
* Intercepts received SMS with mTANs in order to send them to a remote server.
* Sends the contact list to the C&C server.
* Obtains and sends device information (IMEI, IMSI, phone number) to a remote server.
* Downloads and installs other applications.
Methods of Infection
This malware requires that the user intentionally install it upon the device. Users should never install applications from unknown or un-trusted developers. This is especially true for illegal software, such as cracked applications-they are a favorite vector for malware infection.
Some simple tips for avoiding malware in your smartphone are as follows:
Always check what all permission the app requires the users to allow before installation. Stay cautious with permissions that don't seem legitimate, for instance, if a calculator app wants to access your call logs or messages it is clear that the app wants unnecessary permission and can be malicious. Trust your gut!
Check reviews and ratings given by others users who have installed the application.If the ratings are unsatisfactory it is not preferable to download the app.
Check the number of downloads, if the number of downloads is less than 50k, it may be risky to download the app.
Don’t download apps from unknown sources, they can be infected with data stealing malware hidden behind a genuine looking app. Stay away from pirated apps
Think before you click!
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
Pinterest tracks users without consent, alleges complaint
A recent complaint alleges that Pinterest, the popular image-sharing platf...
EXATRON SERVERS MANUFACTURING PVT. LTD.
TAC SECURITY SOLUTIONS
HAVELLS INDIA LTD.
WIPRO LTD.
ICONS OF INDIA : SANJAY GUPTA
Sanjay Gupta is the Country Head and Vice President of Google India an...
Icons Of India : RAJENDRA SINGH PAWAR
Rajendra Singh Pawar is the Executive Chairman and Co-Founder of NIIT ...
Icons Of India : Arundhati Bhattacharya
Arundhati Bhattacharya serves as the Chairperson and CEO of Salesforce...
CERT-IN - Indian Computer Emergency Response Team
CERT-In is a national nodal agency for responding to computer security...
PFC - Power Finance Corporation Ltd
PFC is a leading financial institution in India specializing in power ...
IREDA - Indian Renewable Energy Development Agency Limited
IREDA is a specialized financial institution in India that facilitates...
Indian Tech Talent Excelling The Tech World - NEAL MOHAN, CEO - Youtube
Neal Mohan, the CEO of YouTube, has a bold vision for the platform’s...
Indian Tech Talent Excelling The Tech World - ANJALI SUD, CEO – Tubi
Anjali Sud, the former CEO of Vimeo, now leads Tubi, Fox Corporation...
Indian Tech Talent Excelling The Tech World - Vinod Dham, Founder & Executive Managing Partner, IndoUS Venture Partners
Vinod Dham, known as the “Father of the Pentium Chip,” has left an...