An update to the venerable Faketoken.q Android malware has made it easier for the program to steal your credit card information from ride-sharing apps. Faketoken attacks Russian ride-sharing apps by overlaying text boxes on the credit card information pages that can capture your credit number and other important information.

Kaspersky writes:

After getting onto a smartphone (judging by the malware icon, Faketoken infiltrates smartphones through bulk SMS messages with a prompt to download some picture) and installing the necessary modules, the Trojan hides its shortcut icon and starts background monitoring of everything that happens in the system.

The trojan masquerades as a photo app on your phone and is specially camouflaged for maximum sneakiness. It then watches all your apps and uses a technique similar to Cloak & Dagger that overlays interface items onto running apps. This functionality is helpful in some cases but, as we see, is dangerous in others.

The trojan also goes after “apps for booking flights and hotel rooms, and apps for paying traffic tickets — as well as apps for booking taxis.”