A new variant of the mobile banking Trojan Faketoken is stealing sensitive account related information from common Android apps used for travel and banking. The Kaspersky Lab uncovered this deceiving Trojan, which is a threat to anyone storing credit information for in-app purchases.

There have been reports of the virus attacking and infecting popular apps such as Android Pay, and other ones used for travel and hotel booking, and making traffic fine payments. The virus can manipulate around 2,000 apps.

There are no reports of Faketoken infecting phones in the GCC so far, and is currently active in Russia only. But experts in Kaspersky Lab believe that the virus can easily spread beyond Russia. It might be spreading through bulk SMS messages that prompt users to download images.

Before we tell you more about this scary virus, we would like to inform you that it is not invincible. You can protect your sensitive information by installing anti-malware software for mobiles, disabling third-party app installation, and not downloading attachments from unknown senders.

Example of fake graphics on an app screen, which seems to demonstrate how to edit a screenshot. Image: TechRepublic/Brandon Vigliarolo

Faketoken is capable of eavesdropping on and stealing more than just banking credentials, it steals all incoming SMSes, and helps criminals to Phish highly confidential information such as one-time verification passwords from banks, and location details sent by cab operators. It also monitors users’ calls, records those, and sends conversations to criminals.

“The new version of ‘Faketoken’ performs live tracking of apps and, when the user runs a specified app, overlays this with its phishing window to steal the bank card details of the victim,” Kaspersky Lab said in a statement.

It’s difficult to spot the virus as it covers the screen with an invisible layer, and portions of it have graphics that look strikingly similar to common apps.

“The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ride-sharing services, means that the developers of these services may want to start paying more attention to the protection of their users,” said Viktor Chebyshev, security expert at Kaspersky Lab.

“The banking industry is already familiar with fraud schemes and tricks, and its previous response involved the implementation of security technologies in apps that significantly reduced the risk of theft of critical financial data,” Chebyshev added.