Android malware can steal customer details from ride-sharing apps

Published: August 21, 2017

Updated: July 24, 2018

Author: Luke Jones



Russian security firm Kaspersky Lab, a developer of secure platforms and anti-virus software, says hackers are now able to steal personal information from taxi and ride-sharing applications. The company says its researchers found a modification of a known mobile banking Trojan (Faketoken) that allows attackers to take user credentials from apps.

Kaspersky Lab says hackers are using the malware to target the leading taxi and ride-sharing apps across the globe.

The company announced its findings last week, saying the Faketoken malware affects Android devices. Android is the most popular mobile platform, and its devices are used by hundreds of millions of users each day. Popular ride apps take customer details and financial information as part of the service they offer. Cybercriminals can access this data if the Faketoken attack is carried out.

The new variant of the Trojan tracks applications live, waiting for a user to run a specified app. Taxi and ride-sharing apps are then attacked with a phishing window. If a user clicks the window (failing to remove it properly), the malware can be installed and details stolen. To make the phishing windows hard to detect, attackers design them to look like the apps they are infecting.

“The fact that cybercriminals have expanded their activities from financial applications to other areas, including taxi and ridesharing services, means that the developers of these services may want to start paying more attention to the protection of their users,” suggested Viktor Chebyshev, security expert at Kaspersky Lab, in the release. “The banking industry is familiar with fraud schemes, and its solution of implementing security technologies in apps has significantly reduced the risk of theft of critical financial data. Perhaps now it is time for other services that are working with financial data to follow suit.”

At the moment, Faketoken is targeting Russian users, but Kaspersky Lab warns “the geography of attacks could easily be extended, like we have seen with previous versions of Faketoken.”