Faketoken has been known to specialists for a long time: back in 2014, it got into the top twenty most common mobile threats, and then worked in tandem with desktop bankers: the “senior comrade” cracked the victim’s account and displayed money, and Faketoken intercepted SMS messages with one-time passwords to confirm these transactions.
By 2016, the Trojan began to steal money on its own: it learned to block other applications with fake windows and force the user to enter usernames, passwords and bank card information into them. In addition to this, he mastered the work of the ransomware: he began to block the screen of the infected device and at the same time encrypt the files on it.
By 2017, Faketoken had studied a whole bunch of applications that you can pretend to steal card data from – mobile banking programs, e-wallets like Google Pay, and even taxi services and fines.
Now, experts have discovered five thousand smartphones from which Faketoken sends someone insulted SMS messages. In general, the ability to send messages to mobile malvari is a common thing: many threats spread by sending links to downloading oneself to all the victim’s contacts. In addition, banking Trojans often try to become the default SMS application – to intercept messages with confirmation codes. However, before experts did not see that the malvar, aimed at other people's bank accounts, suddenly turned into a tool for personal showdowns.
Analysts admit that they don’t know whether the victim of the newsletter annoyed the authors of Faketoken themselves, or if they rent their botnet to anyone who wants it, and such actions can become massive.
All messages are sent by Faketoken to the owners of infected devices. Moreover, he approaches the question thoroughly: before sending something, he checks whether there are enough funds on the victim’s bank card. After making sure that the balance is positive, he replenishes a mobile account from this card and only after that proceeds to mailing.
For many owners of infected phones, the number on which the anger of the malvari has fallen is foreign. Considering that Faketoken is not limited to one SMS from each victim, the amount that users will ultimately be missed may turn out to be noticeable.