Security Alerts & News
by Tymoteusz A. Góral

History
#1813 The banker that encrypted files
Many mobile bankers can block a device in order to extort money from its user. But we have discovered a modification of the mobile banking Trojan Trojan-Banker.AndroidOS.Faketoken that went even further – it can encrypt user data. In addition to that, this modification is attacking more than 2,000 financial apps around the world.

We have managed to detect several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016. According to our information, the number of this banker’s victims exceeds 16,000 users in 27 countries, with most located in Russia, Ukraine, Germany and Thailand.

Trojan-Banker.AndroidOS.Faketoken is distributed under the guise of various programs and games, often imitating Adobe Flash Player.
Read more
#1815 Practical reverse engineering part 5 - digging through the firmware
#1814 Bypassing exploit protection of NORTON Security
#1813 The banker that encrypted files
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12