This nefarious Trojan may impersonate your favorite ridesharing app


Be careful the next time you hail a ride from your favorite transportation app. You could be inadvertently hailing much more than you bargained for. As per a recent report from Kaspersky Lab, a mobile Trojan “has been caught recently stealing bank data by impersonating the interfaces of taxi-booking apps.” How might you know if your smartphone has been infected? One telltale sign, the research firm notes, is if your ridesharing app prompts you to enter your credit card number. Seeing as your favorite apps should already have this information on hand, if it asks you to re-enter the data, you may want to proceed with caution.

While the Faketoken Trojan, the malware in question, has been around for quite some time, it has gotten more sophisticated as time has passed. Kaspersky calls the latest iteration of the malware “Faketoken.q,” and notes that the Trojan generally infects smartphones through bulk SMS messages with a prompt to download images. Once its necessary modules have been installed, the Trojan begins monitoring everything that happens on your phone.

“When Faketoken detects the launch of an app whose interface it can simulate, the Trojan immediately overlays the app with its own screen,” Kaspersky writes. “To achieve that, it uses a standard Android feature that supports showing screen overlays on top of all other apps. A whole bunch of legitimate apps, such as messengers, window managers, and so on, use this feature.”

The fallacious window looks just like your original app’s interface, but instead of proceeding as normal, the Trojan asks you to enter credit card information. And from there, well … we know how the rest goes.

Apparently, a number of apps have been attacked in this way, including mobile banking apps, Android Pay, the Google Play store, flight and hotel booking apps, and of course, ridesharing apps.

As it stands, it appears that the Trojan is largely relegated to users in Russia, but it may not be long before the malware comes our way, too. To protect yourself from any nefarious activity, Kaspersky recommends that you go into Android settings and prevent the installation of apps from unknown sources. Go to Settings, then Security, and then uncheck Unknown sources.

You should also pay close mind to the permissions an app requests prior to installation, even if you download the app from an ostensibly safe source (like Google Play). Finally, you might consider installing antivirus on your phone.