Another day, another Android malware.
In the typical life cycle of a product, we see it going through different stages. Initially, it just might be a minimum viable product (MVP) and then eventually with the addition of features, it evolves into somewhat of a fully functional product. Funnily enough, it looks like the black hat community has also been taking entrepreneurship classes.
Take the case of Faketoken malware. Coming to the scene in 2014 as an app that “intercepted text messages with one-time passwords” to assist other desktop banking trojans in stealing money, it started doing the entire process itself in 2016 as a stand-alone app. Furthermore, it was also serving as ransomware cashing users over their encrypted data.
As if that wasn’t enough, in 2017, it had upped its game considerably in mobile phishing by being able to “mimic” prominent financial apps such as Google Pay. Yet, recently, we’ve come to know of another development.
As detected by Kaspersky’s botnet activity monitoring system named “Botnet Attack Tracking,” 5000 smartphones infected by Faketoken suddenly started sending offensive text messages unauthorizedly.
“SMS capability is in fact standard equipment for mobile malware apps, many of which spread through download links they send to victims’ contacts. In addition, banking Trojans often ask to become the default SMS application so they can intercept confirmation code messages. But for banking malware to turn into a mass texting tool? We had never seen that before,” wrote Alexander Eremin of Kaspersky in a faketoken malware sends expensive offensive texts expense
