Zimperium researchers have discovered a new version of the FakeCall malware for Android, posing a serious threat to financial security.

This malware intercepts outgoing calls from users to their banks and redirects them to the attacker's phone number instead.  The latest version aims to steal sensitive information and funds from people's bank accounts.  

FakeCall (or FakeCalls) is a banking trojan designed for voice phishing, where victims are tricked into providing sensitive information through fraudulent calls that impersonate banks.  

The new version has improved evasion techniques and data theft capabilities, primarily targeting users in South Korea.  

Earlier versions of FakeCall tricked users into reaching out to scammers by showing a fake bank screen that included a legitimate bank number. In the most recent version, FakeCall now sets itself as the default call handler when installed, giving it control over all outgoing calls. 

In the latest version examined by Zimperium, the malicious app is installed from an Android APK and, during installation, asks the user to set it as the default call handler.

Overview of latest FakeCall attacks; Source: Zimperium

The Android call handler is responsible for managing incoming and outgoing calls, serving as the primary interface for dialing, connecting, and ending calls.  

By prompting the user to set it as the default call handler, the malware can intercept and manipulate both incoming and outgoing calls.  

It features a fake call interface that closely resembles the genuine Android dialer and displays trusted contact names and information, which makes the deception difficult for victims to recognize.

This malware is dangerous because it can secretly hijack calls when users try to contact their financial institution, redirecting them to the attacker’s phone number instead.  

"When the compromised individual attempts to contact their financial institution, the malware redirects the call to a fraudulent number controlled by the attacker," explains the new Zimperium report.  

"The malicious app will deceive the user, displaying a convincing fake UI that appears to be the legitimate Android's call interface showing the real bank's phone number."  

The victim will remain oblivious to the manipulation, as the malware's fake interface closely resembles the genuine banking experience. This allows the attacker to access sensitive information or gain unauthorized access to the victim's financial accounts.
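A defender-side check for the default call handler behaviour described above, as an added example that is not from Zimperium's report or this article: it reads over adb which package holds the default dialer role and flags one that is neither the system dialer nor on an allowlist. The allowlist, the trusted-installer value and the sample package name are assumptions; `telecom get-default-dialer`, `telecom get-system-dialer` and `pm list packages -i` are standard Android shell commands.

```shell
#!/bin/sh
# Added example: audit which package holds the default call-handler role.
# Assumption: dialers this fleet expects; adjust to your own devices.
ALLOWED_DIALERS="com.google.android.dialer com.samsung.android.dialer"
# Assumption: installer package treated as a trusted store (Google Play).
TRUSTED_INSTALLER="com.android.vending"

# classify_dialer DEFAULT SYSTEM INSTALLER
# Prints a verdict (OK, REVIEW or ALERT) followed by the reason.
classify_dialer() {
    default_pkg=$1; system_pkg=$2; installer=$3
    if [ -z "$default_pkg" ]; then
        echo "REVIEW no default dialer reported"; return 0
    fi
    if [ "$default_pkg" = "$system_pkg" ]; then
        echo "OK system dialer $default_pkg"; return 0
    fi
    for p in $ALLOWED_DIALERS; do
        if [ "$p" = "$default_pkg" ]; then
            echo "OK allowlisted dialer $default_pkg"; return 0
        fi
    done
    if [ "$installer" = "$TRUSTED_INSTALLER" ]; then
        echo "REVIEW unexpected dialer $default_pkg from trusted store"
    else
        # Sideloaded APK holding the dialer role: the pattern in the article.
        echo "ALERT unexpected dialer $default_pkg installer=${installer:-unknown}"
    fi
}

# installer_of LINE: extract the installer from one `pm list packages -i` line,
# e.g. "package:com.example.callhelper  installer=null" (constructed sample).
installer_of() {
    printf '%s\n' "$1" | sed -n 's/.*installer=\([^ ]*\).*/\1/p'
}

# audit_device: live check of the device attached over adb.
audit_device() {
    d=$(adb shell telecom get-default-dialer | tr -d '\r')
    s=$(adb shell telecom get-system-dialer | tr -d '\r')
    line=$(adb shell pm list packages -i | tr -d '\r' | grep "^package:$d " | head -n 1)
    classify_dialer "$d" "$s" "$(installer_of "$line")"
}
```

Call `audit_device` with one device attached over adb. A REVIEW verdict still needs a look, since coming from a store does not by itself make a dialer replacement expected.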

"This receiver functions primarily as a listener, monitoring Bluetooth status and changes. Notably, there is no immediate evidence of malicious behavior in the source code, raising questions about whether it serves as a placeholder for future functionality," reads the report.

Zimperium has released a list of indicators of compromise (IoC) for the latest malware version. 
