What if you called your bank and ended up speaking to a hacker instead? That’s exactly what the new version of the Android malware FakeCall can do, according to a report from Zimperium’s zLabs research team.1
Here’s what you need to know to protect your personal information and finances.
Beware of FakeCall
FakeCall is a type of malware designed to target Android phones, and it could be lurking on your device right now. When you try to reach your bank, this malware reroutes the call so that hackers answer instead of your bank’s support team. Zimperium’s zLabs team is monitoring this new version of dangerous malware, which was previously reported by ThreatFabric, CheckPoint, and Kaspersky.
The malware operates using a method known as “vishing,” or voice phishing, which is a form of a social engineering attack. It’s when fraudsters use phone calls or voice messages to deceive you into giving up sensitive information like your login credentials, credit card numbers, or bank account information to use illicitly.
New Version of FakeCall
FakeCall earlier versions would ask the user to call their bank from within the fake app. When they did, the malware would show them a fake screen with the bank’s actual phone number. However, the victim was really connected to the scammers, not the bank.
In the latest version, FakeCall asks the user to set the app as the default call handler when they install the app via an Android APK.
Once set as the default, FakeCall mimics and displays a fake Android user interface (UI) that shows trusted contact information to deceive you. So, when you try to call your bank, the malware secretly reroutes the call to an attacker’s number.
The attacker controls the fake interface and misleads you into thinking you’re talking to your bank. This allows them to steal your personal information or access your financial accounts without you knowing.
FakeCall Gets New Tools To Take Over Your Device
According to the Zimperium report, the latest FakeCall versions now use Android’s Accessibility Service to take control of your phone. Once you grant the app permissions, it can live stream your screen, take screenshots, unlock your device, and even delete specific images. In addition, it can mimic pressing the home button and can access, compress, and upload photos, especially from your DCIM folder.
FakeCall also added a Bluetooth listener and screen monitor, which aren’t active yet. Plus, a new service connects your phone to the attacker’s server, allowing them to track your location, delete apps, record audio or video, and edit contacts remotely.
These updates show that FakeCall is constantly being developed to become a more powerful and sneaky banking trojan.
In its report, Zimperium has shared a list of indicators of compromise (IoC), which are basically warning signs. These include APK checksums, app package names, URLs, and IPs, to help you skip the apps carrying this malware (though attackers frequently change these details to stay undetected).
Why You Should Use Google Play For App Downloads
In the first quarter of 2024, researchers found 389,178 malware and unwanted software packages on Android devices. The number dropped slightly to 367,418 in the second quarter, but included 13,013 packages for mobile banking Trojans.1 This shows that Android malware is growing more common and dangerous.
So, stick to Google Play for downloading apps. It’s a safer choice than installing apps manually through APK files. Malware can still appear on Google Play, but Google Play Protect can remove it once detected.
Even the National Security Agency (NSA) strongly recommends that you keep your phone and apps updated. These updates, called patches, often resolve security issues that make it harder for hackers to get into your device.
FAQ
What Are The Dangers Of Android Malware?
Android malware can steal your personal and business information, track your location, record calls, and even control your device. It puts your privacy and financial data at risk and can lead to identity theft or money loss.
How Does This Malware Put Our Company’s Financial Information At Risk?
This malware can hijack calls, steal sensitive data, and access bank details that puts your company’s finances at risk. It can track your activity and capture login info, thus giving hackers a way to control accounts. To stay safe, only use trusted apps, keep devices updated, and use strong security measures on all work devices.
How Can Our Business Protect Employee Phones From Android Malware?
To protect employee phones from Android malware, follow 2Secure’s key tips: first, encourage regular backups, so important data isn’t lost if malware strikes. Second, use reliable recovery tools to quickly improve any issues. Only allow trusted apps from Google Play, keep devices updated, and consider endpoint protection to safeguard all your devices.
Source:
- Ortega, F. (2024, October 30). Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware – Zimperium. Zimperium. https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
