MOSCOW, December 20. /TASS/. Russian security software maker Kaspersky Lab has discovered a new modification of mobile banking Trojan - Faketoken - that stole data of more than 16,000 people in 27 countries, in particular from Russia, Ukraine, Germany and Thailand, the company said in a press release.
Hiding in games and applications including Adobe Flash Player, Faketoken steals data from more than 2,000 financial applications for Android.
Experts at the Kaspersky lab mark the ability of Faketoken to encrypt data, which is not typical for a banking Trojan. Most of these viruses block the device itself, not the data on it, because it can be stored in the cloud. But Faketoken encrypts data, both documents and media files (including images, music and videos).
Once a device is infected, the Trojan requests local administrator rights, the right to block windows of other applications or to the right become an application by default for working with SMS. In case of refusal the dialog box constantly restarts and eventually the device user has to accept it.
The Trojan steals data in almost any language: once the rights are obtained, it loads the database with phrases in 77 languages for different locations of the devices.
Faketoken uses these phrases to generate phishing messages, and steal passwords from Gmail accounts. Also it is able to block the Google Play Store window to steal credit card data of the victim.
Kaspersky Lab specializes in developing protection against viruses, spam and cyber attacks. The company operates in more than 200 countries and has headquarters in Moscow.