Skip to main content
  1. Home
  2. Mobile
  3. News

This nefarious Trojan may impersonate your favorite ridesharing app

Lulu Chang
By

uber
Image used with permission by copyright holder
Be careful the next time you hail a ride from your favorite transportation app. You could be inadvertently hailing much more than you bargained for. As per a recent report from Kaspersky Lab, a mobile Trojan “has been caught recently stealing bank data by impersonating the interfaces of taxi-booking apps.” How might you know if your smartphone has been infected? One telltale sign, the research firm notes, is if your ridesharing app prompts you to enter your credit card number. Seeing as your favorite apps should already have this information on hand, if it asks you to re-enter the data, you may want to proceed with caution.

While the Faketoken Trojan, the malware in question, has been around for quite some time, it has gotten more sophisticated as time has passed. Kaspersky calls the latest iteration of the malware “Faketoken.q,” and notes that the Trojan generally infects smartphones through bulk SMS messages with a prompt to download images. Once its necessary modules have been installed, the Trojan begins monitoring everything that happens on your phone.

Recommended Videos

“When Faketoken detects the launch of an app whose interface it can simulate, the Trojan immediately overlays the app with its own screen,” Kaspersky writes. “To achieve that, it uses a standard Android feature that supports showing screen overlays on top of all other apps. A whole bunch of legitimate apps, such as messengers, window managers, and so on, use this feature.”

Related

The fallacious window looks just like your original app’s interface, but instead of proceeding as normal, the Trojan asks you to enter credit card information. And from there, well … we know how the rest goes.

Apparently, a number of apps have been attacked in this way, including mobile banking apps, Android Pay, the Google Play store, flight and hotel booking apps, and of course, ridesharing apps.

As it stands, it appears that the Trojan is largely relegated to users in Russia, but it may not be long before the malware comes our way, too. To protect yourself from any nefarious activity, Kaspersky recommends that you go into Android settings and prevent the installation of apps from unknown sources. Go to Settings, then Security, and then uncheck Unknown sources.

You should also pay close mind to the permissions an app requests prior to installation, even if you download the app from an ostensibly safe source (like Google Play). Finally, you might consider installing antivirus on your phone.

Editors' Recommendations

Topics
Lulu Chang
Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Apple may soon allow you to change your default iPhone apps
iPhone 11 Pro Screen

Apple might soon let you set competitor apps like Google Chrome or Microsoft Outlook as the default on your iPhone or iPad. 

Bloomberg reports that the tech giant is considering allowing third-party developers to be set as the default on its devices after the company received significant criticism about not allowing people to change their default apps. 

Read more
Uber may be banned in London. Could the same thing happen in the U.S.?
The Uber app being used in London, England

The city of London on Monday announced it would revoke Uber’s operating license for the second time in two years over “persistent safety problems." The move means that the app might soon be banned in a city that's grown accustomed to easy rideshares, just as many American cities rely on similar apps.

For reasons that include safety issues for both riders and drivers, further congestion in cities, workers’ protections, and bucking regulations, Uber, Lyft, and similar apps have been a target of ire since they first appeared on the streets and disrupted how ordinary people around the world commute. That means they’ve been banned and fined multiple times over now -- and while some American cities want to crack down on ridesharing apps, there's little many of them can do to outright ban them as London, Uber's largest European market, is attempting to do.

Read more
New Apple bug may be sharing your Keychain passwords with Family Sharing members

Apple has rolled out a new patch for iOS 13 as users discover new bugs seemingly every other week. The maker of the iPhone and other popular devices may have to release another one: A few Apple users who have enabled Family Sharing on their iCloud accounts are complaining that their Keychain credentials are being synced with other family members without permission.

In a tweet, Indian iOS developer Tanmay Sonawane wrote that all the passwords he has stored in Keychain, Apple’s default password manager, were available on his brother’s Apple devices as well. This means, for instance, that when a family member visits a site for which you too have saved the login in Keychain, they will be able to view the option in their Autofill drop-down menu on Safari.

Read more