Protect your bank account: Discover how this new malware hijacks your financial calls!
- Replies 3
In the digital age, convenience often comes hand-in-hand with new risks, and for our tech-savvy seniors, staying informed is the best defence.
A new wave of Android malware has emerged, posing a significant threat to users by intercepting and redirecting important phone calls.
Cybersecurity experts are urging users to stay vigilant and take necessary precautions to safeguard their devices from this growing menace.
A piece of malware known as ‘FakeCall’ has been upgraded to reroute bank calls directly to attackers, posing a significant threat to the security of personal financial information.
The ‘FakeCall’ malware, a banking trojan, has evolved from its initial incarnation, which Kaspersky first reported in April 2022. It was designed to deceive victims through voice phishing (vishing) by impersonating banks and asking for sensitive information.
According to a March 2023 report by CheckPoint, 'FakeCall' has become more sophisticated, impersonating over 20 financial organisations and offering targets low-interest loans, all while featuring new evasion mechanisms to lower detection rates.
Besides engaging in vishing, FakeCall can also record live audio and video from infected devices, enabling attackers to steal sensitive data without the victim's action being required.
The latest version of 'FakeCall', analysed by Zimperium, has introduced a particularly insidious feature: it can now set itself as the default call handler on an Android device.
The call handler in Android manages both incoming and outgoing calls, functioning as the primary interface for processing, dialling, connecting, and ending calls.
When the malware tricks the user into setting it as the default call handler, it obtains permission to intercept and manipulate calls.
A fake call interface, designed to resemble the genuine Android dialer, displays trusted contact information and names, making the deception highly convincing and difficult for victims to detect.
This malware is particularly dangerous because it can secretly intercept a user's attempt to call their financial institution, redirecting the call to an attacker's phone number instead.
‘When the compromised individual attempts to contact their financial institution, the malware redirects the call to a fraudulent number controlled by the attacker,’ Zimperium’s report explained.
‘The malicious app will deceive the user, displaying a convincing fake UI that appears to be the legitimate Android's call interface showing the real bank's phone number.’
‘The victim will be unaware of the manipulation, as the malware's fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorised access to the victim's financial accounts,’ it added.
The new features and improvements in ‘FakeCall’ include the addition of a Bluetooth listener and a screen state monitor, both of which are currently without malicious functionality but indicate that the malware is under active development.
The malware leverages Android's Accessibility Service to gain extensive control over the user interface, monitor dialer activity, automatically grant itself permissions, and simulate user actions like clicks and gestures.
Furthermore, a new phone listener service establishes a communication channel with the attacker's command and control (C2) server, enabling them to issue commands to perform various actions, such as getting device location, deleting apps, recording audio or video, editing contacts, and more.
The latest variant of the malware introduces several new commands that enhance its capabilities.
It can now configure itself as the default call handler, initiate live streaming of the device's screen content, and take screenshots.
Additionally, it can unlock the device if it is locked, temporarily disable auto-lock, and use accessibility services to simulate pressing the home button.
The malware can also delete specific images as directed by the C2 server, as well as access, compress, and upload images and thumbnails from storage, particularly targeting the DCIM folder for photos.
These enhancements demonstrate that FakeCall is actively being developed, with its operators aiming to create a more elusive and powerful banking trojan.
Zimperium has released a list of indicators of compromise (IoC), such as app package names and APK checksums, to help users steer clear of the malicious apps carrying the malware. However, these identifiers are often altered by the attackers.
It is recommended that users refrain from manually installing Android apps via APKs and instead download them from Google Play.
Although malware can still infiltrate Google's platform, it can be removed once detected by Google Play Protect.
The rise of sophisticated Android malware like FakeCall highlights the increasing risks faced by mobile users, particularly when it comes to protecting sensitive financial information.
This recent development underscores the importance of vigilance in app management. In light of these threats, it is crucial to stay informed about potentially harmful apps that could compromise your device.
For instance, a recent advisory lists several Android apps that should be deleted immediately to avoid falling victim to malware attacks.
By taking proactive measures and staying updated on the latest cybersecurity threats, users can better safeguard their personal data and financial security.
Have you or someone you know encountered this malware? What is your advice to others so they won’t fall victim to this scheme? Share your experiences and tips on how to stay safe in the digital world in the comments below.
A new wave of Android malware has emerged, posing a significant threat to users by intercepting and redirecting important phone calls.
Cybersecurity experts are urging users to stay vigilant and take necessary precautions to safeguard their devices from this growing menace.
A piece of malware known as ‘FakeCall’ has been upgraded to reroute bank calls directly to attackers, posing a significant threat to the security of personal financial information.
The ‘FakeCall’ malware, a banking trojan, has evolved from its initial incarnation, which Kaspersky first reported in April 2022. It was designed to deceive victims through voice phishing (vishing) by impersonating banks and asking for sensitive information.
According to a March 2023 report by CheckPoint, 'FakeCall' has become more sophisticated, impersonating over 20 financial organisations and offering targets low-interest loans, all while featuring new evasion mechanisms to lower detection rates.
Besides engaging in vishing, FakeCall can also record live audio and video from infected devices, enabling attackers to steal sensitive data without the victim's action being required.
The updated ‘FakeCall’ Android malware now hijacks and redirects outgoing bank calls to attackers' numbers. Credit: Shutterstock
The latest version of 'FakeCall', analysed by Zimperium, has introduced a particularly insidious feature: it can now set itself as the default call handler on an Android device.
The call handler in Android manages both incoming and outgoing calls, functioning as the primary interface for processing, dialling, connecting, and ending calls.
When the malware tricks the user into setting it as the default call handler, it obtains permission to intercept and manipulate calls.
A fake call interface, designed to resemble the genuine Android dialer, displays trusted contact information and names, making the deception highly convincing and difficult for victims to detect.
This malware is particularly dangerous because it can secretly intercept a user's attempt to call their financial institution, redirecting the call to an attacker's phone number instead.
‘When the compromised individual attempts to contact their financial institution, the malware redirects the call to a fraudulent number controlled by the attacker,’ Zimperium’s report explained.
‘The malicious app will deceive the user, displaying a convincing fake UI that appears to be the legitimate Android's call interface showing the real bank's phone number.’
‘The victim will be unaware of the manipulation, as the malware's fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorised access to the victim's financial accounts,’ it added.
The new features and improvements in ‘FakeCall’ include the addition of a Bluetooth listener and a screen state monitor, both of which are currently without malicious functionality but indicate that the malware is under active development.
The malware leverages Android's Accessibility Service to gain extensive control over the user interface, monitor dialer activity, automatically grant itself permissions, and simulate user actions like clicks and gestures.
Furthermore, a new phone listener service establishes a communication channel with the attacker's command and control (C2) server, enabling them to issue commands to perform various actions, such as getting device location, deleting apps, recording audio or video, editing contacts, and more.
The latest variant of the malware introduces several new commands that enhance its capabilities.
It can now configure itself as the default call handler, initiate live streaming of the device's screen content, and take screenshots.
Additionally, it can unlock the device if it is locked, temporarily disable auto-lock, and use accessibility services to simulate pressing the home button.
The malware can also delete specific images as directed by the C2 server, as well as access, compress, and upload images and thumbnails from storage, particularly targeting the DCIM folder for photos.
These enhancements demonstrate that FakeCall is actively being developed, with its operators aiming to create a more elusive and powerful banking trojan.
Zimperium has released a list of indicators of compromise (IoC), such as app package names and APK checksums, to help users steer clear of the malicious apps carrying the malware. However, these identifiers are often altered by the attackers.
It is recommended that users refrain from manually installing Android apps via APKs and instead download them from Google Play.
Although malware can still infiltrate Google's platform, it can be removed once detected by Google Play Protect.
The rise of sophisticated Android malware like FakeCall highlights the increasing risks faced by mobile users, particularly when it comes to protecting sensitive financial information.
This recent development underscores the importance of vigilance in app management. In light of these threats, it is crucial to stay informed about potentially harmful apps that could compromise your device.
For instance, a recent advisory lists several Android apps that should be deleted immediately to avoid falling victim to malware attacks.
By taking proactive measures and staying updated on the latest cybersecurity threats, users can better safeguard their personal data and financial security.
.png){kind=icon}
