A new variant of Android malware that threatens your mobile banking safety is evolving and posing a threat, according to Kaspersky Lab.
Named ‘Faketoken,’ this malware reportedly masquerades as Adobe Flash Player, among other programs and games, and once downloaded, it can communicate directly with the protections in your operating system and take them over.
Here’s what you need to know about Faketoken…
What does Faketoken do?
Faketoken was originally discovered in 2014. When you’re doing online banking, Faketoken will send a request to your phone telling you that you need to download an app to complete your transaction.
But instead of routing you to a real app like Adobe Flash Player, Faketoken directs you to an infected download.
Once the bogus download is on your phone, Faketoken can use it to then request admin rights to your phone. From there, it requests permissions to access your text messages, files and contacts, to send text messages and to make calls.
That allows Faketoken to intercept texts that your bank would send as part of their two-factor authentication safeguards. And that’s how the criminals can gain access to your account and transfer money out of it!
The latest wrinkle in this case is that Kaspersky has determined Faketoken has now been modified to include a data encryption capability.
How many accounts have been impacted?
Some 16,000 users are believed to have been hit, according to Kaspersky. The malware has shown up in the United States, Germany, Russia, Thailand and elsewhere.
What can you do to protect yourself?
Since Faketoken aims to steal your text messages to get those special one-time codes from your bank, one of the best ways to deal with this is to opt for two-factor authentication with financial institutions that doesn’t involve SMS.
Some common alternatives include fingerprint or facial identification. Vanguard even uses voice recognition software as part of its two-factor authentication process.
Here are some other general guidelines about way you can protect yourself from malware apps in the online banking realm…
Keep your operating system updated
Always make sure you install the latest software updates from your operating system. These often include security and protection updates to help protect your device.
Don’t mess with your OS
Resist the temptation to fool around with your operating system. People sometimes mess around with their OS in trying to download apps that aren’t sanctioned. Don’t do it!
Keep your malware updated
Make sure you install malware protection and make sure that it is updated. Clark’s Virus, Spyware and Malware Protection Guide is a great way to find free and effective options.
Skip the public Wi-Fi
You should never do any financial transactions on free public Wi-Fi. Period!
Don’t click on strange texts
Android users got a real scare last year when a report emerged that they could be hacked by text message.
Cast a critical eye on text messages from your bank
Maybe you’ve signed up for texts from your bank. But then a text comes through you weren’t expecting with a link for you to click to update your info. What do you do?
While it may be legit, your best bet is to play it safe. Get off your phone, get onto a secure network (preferably from a computer with good anti-virus software on it) and log into your bank’s official website.
If the text from your bank was a legit one, you should see the same request for your info at the bank’s official website. Then you can give them whatever info they’re asking for.
Only trust downloads directly from financial websites
When it comes to downloading mobile banking apps, be sure you only install your bank, credit union or brokerage firm’s official apps that you find at their websites.
Turn off auto-fetching
Check your statements diligently
Go through your bank statement line-by-line on a daily basis. Report any suspicious charges immediately.
Have a different password for each financial site
You’re going to need a unique password for each financial account you have: Bank, credit union, brokerage account, etc. That way if one is compromised, the crooks won’t have automatic access to every financial account in your life. Here are seven ways to create safer passwords for all your accounts.
Read more: The #1 wireless network in America is…