The Trojan-Banker.AndroidOS.Faketoken malware has been known for more than a year.
Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. Not so long ago, thanks to our colleagues from a large Russian bank, we detected a new Trojan sample, Faketoken.q, which contained a number of curious features.
In July 2017, during an investigation, suspicious DNS requests were identified in a partner's network.
The source of the queries was a software package produced by NetSarang. Our analysis showed that recent versions of the software had been surreptitiously modified to include an encrypted payload that could be remotely activated by a knowledgeable attacker.
DAILY VIDEO: FTC asked to investigate Hotspot Shield VPN privacy risks; T-Mobile Seniors Plan offers smartphone users 55+ two Lines for $60; Outlook.com users can 'toggle' new inbox beta experience; and there's more.