Researchers noticed that file-encrypting capabilities were implemented in Faketoken since July and have since released thousands of versions that include new features.
“We have managed to detect several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016.” reads a blog post published by Kaspersky.
Trojan-Banker.AndroidOS.Faketoken is distributed under the guise of various programs and games, often imitating Adobe Flash Player.”
The researchers confirmed the number of the victims exceeds 16,000 users, they observed infections in 27 countries, mostly in Russia, Ukraine, Germany, and Thailand.
Faketoken uses an AES symmetric encryption algorithm to encrypt the files, this is a good news for the victims that have a chance of decrypting them without paying a ransom.
“The Trojan receives the encryption key and the initialization vector from the C&C server. The encrypted files include both media files (pictures, music, videos) and documents. The Trojan changes the extension of the encrypted files to .cat.” continues the analysis.
The researchers highlighted the fact that file encryptions are not popular with the mobile malware developers because most files stored on a mobile device are usually copied to the cloud.
For more in on Faketoken give a look at the technical analysis published by Kaspersky.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Faketoken, ransomware banker)
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.