The malware is called Fakedtoken and began as a banking trojan that intercepted texts to steal two-factor authentication codes. Kasperskys researchers suspect it spreads via bulk SMS text message to potential victims, asking them to download some pictures, according to Business Insider.
Once installed, it hides its icon and places a covert over banking and miscellaneous applications, such as Android Pay, Google Play Store, or apps for paying for traffic tickets and booking flights, hotel rooms, and taxis. The malware can even intercept SMS messages, thus breaking the two-factor authentication required by some banks to authorise payments and transfers.
The threat of Fakedtoken appears to be largely limited to Russian and ex-Soviet countries, the researchers wrote. Security experts recommend that Android smartphone users should not install apps from third-party sources or download unknown files. By default, Android phones only allow users to install apps from the official Google Play Store.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now