Rewterz Threat Alert – Android Trojan Targeting Mobile apps in Massive Text Campaigns

Tuesday, January 14, 2020



Analysis Summary

An Android banking Trojan dubbed Faketoken has recently been observed by security researchers while draining its victims’ accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world. Faketoken is an Android malware strain which has a Mobile Transaction Authentication Number (mTAN) interceptor camouflaged as a mobile token generator. Besides using fake logins and phishing overlay screens to steal credentials and exfiltrating mTAN numbers used by banks to validate online transactions, the malware can also generate customized phishing pages targeting over 2,200 financial apps, and can steal device information such as the IMEI and IMSI numbers, the phone number, and more.

Faketoken phishing screens (Kaspersky)


  • Exposure of sensitive information
  • Financial loss


  • Always download applications from verified sources.
  • Pay attention while giving permissions requested by the applications.
  • Disable from unknown sources in the security and unchecking settings.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 17, February 2020 Rewterz Threat Alert – Satan ransomware rebrands as 5ss5c ransomware
  • 20, January 2020 Rewterz Threat Alert – Iranian APT Group “MuddyWater” Resurfaces
  • 20, January 2020 Rewterz Threat Alert – STOP (djvu) Ransomware Actively Spread
  • 20, January 2020 Rewterz Threat Advisory – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Copyright © Rewterz. All rights reserved.