Experts in the field of IT security reported a new modification of the Faketoken virus for Android-devices. A malicious user is able to overlap the dialog boxes of other applications, using it to collect confidential information, including bank cards. The main threat to the virus is for users from Russia, Belarus, Kazakhstan and other countries.

The Trojan keeps track of active applications, and, as soon as the victim runs the required one, overrides its interface with its own, prompting the user to enter the bank card data on this page. The substitution of the official window for phishing is instantaneous, and the colors and design correspond to the original, so the user may not notice the fraud, told Kaspersky Lab.

Attackers also envisaged the possibility of circumvention of such a protective function of making payments, such as the introduction of a one-time code. Faketoken intercepts all incoming messages and sends them to control servers. In addition, the Trojan monitors those calls made by the user: when a call is received (or initiated) from a certain number, the malicious user starts to record the conversation, and then sends it to the attackers.

Presumably, the new modification of Faketoken gets on smartphones via SMS-sending, in which users are invited to upload certain photos.