Kaspersky discovered a news strain of the mobile banking Trojan Faketoken that displays overlays on top of taxi booking apps to steal banking information. The malware is being distributed using bulk SMS messages to trick users into downloading an image file that actually downloads the malware. The Trojan is composed of two parts, the first part is an obfuscated dropper (verdict: Trojan-Banker.AndroidOS.Fyec.az) The second one is a file with DAT extensions that contains the malwares main features.”]
Source: http://securityaffairs.co/wordpress/62122/malware/faketoken-targets-taxi-booking.html