Faketoken
Faketoken is an Android banking Trojan family. In the provided Kaspersky mobile threat reporting, it is identified as one of the banking Trojan families encountered by users, alongside Mamont, Rewardsteal, and Creduz. The content specifically places Faketoken in the Android mobile malware ecosystem under the Trojan-Banker.AndroidOS naming convention and notes its presence in real-world detections in Q1 2026 and in broader 2024 mobile banking Trojan activity summaries. The supplied material does not provide additional high-confidence technical details on Faketoken’s infection vector, payload behavior, targeted sectors, associated threat actor, or specific indicators of compromise beyond its classification as an Android banking Trojan family observed in user detections.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Techniques & procedures
1 distinct technique documented for this family, organized by ATT&CK tactic.
Credential Access
1 technique
Credential Access
Recent activity
5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Android banking trojan family observed among active mobile banker threats in the quarter.
Android banking trojan listed among the top mobile banker detections in 2024.
An Android banking Trojan family present in the 2024 mobile banking malware rankings.
An Android mobile banking Trojan family mentioned as one of the banking threats encountered by users in Q1 2026.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.