1. /
  2. Security Response/
  3. Android.Faketoken


Risk Level 1: Very Low

March 22, 2012
March 22, 2012 2:31:38 PM
Systems Affected:
Android.Faketoken is a Trojan horse that opens a back door on the compromised device.

Android Package File
APK: santander.apk
Version: 1.0
Application Name: TokenGenerator

When the Trojan is being installed, it requests permissions:
  • Check the phone's current state.
  • Access information about networks.
  • Send SMS messages.
  • Monitor incoming SMS messages.
  • Open network connections.
  • Write to external storage devices.
  • Install or delete other packages.
  • Read contact data.
  • Start once the device has finished booting.

Antivirus Protection Dates

  • Initial Rapid Release version March 16, 2012 revision 041
  • Latest Rapid Release version February 19, 2013 revision 016
  • Initial Daily Certified version March 17, 2012 revision 009
  • Latest Daily Certified version March 17, 2012 revision 009
  • Initial Weekly Certified release date March 28, 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Medium
  • Payload: Opens a back door on the compromised device.


  • Distribution Level: Low
  • Target of Infection: Android devices.
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Branko Spasojevic

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report