Android malware “FakeCall” now reroutes bank calls to attackers


October 30, 2024 at 10:58AM

The new FakeCall malware for Android hijacks users’ outgoing calls to banks, redirecting them to attackers. It features advanced voice phishing tactics, realistic interfaces, and can capture audio/video. Recent improvements include additional control functionalities and commands, making it a more dangerous banking trojan. Users are cautioned against installing APKs directly.

**Meeting Takeaways: FakeCall Malware Insights**

1. **Overview of FakeCall Malware**:
– The latest version of FakeCall malware specifically targets Android devices, hijacking outgoing calls to banks and redirecting them to the attacker’s phone number.
– The primary objective is to steal sensitive information and funds from bank accounts.

2. **Nature of the Threat**:
– FakeCall operates as a banking trojan focusing on voice phishing (vishing), tricking victims into providing sensitive information during fraudulent calls.
– Initially reported by Kaspersky in April 2022, FakeCall has advanced to impersonate over 20 financial organizations, offering fake low-interest loans and employing mechanisms to evade detection.

3. **Technical Mechanism**:
– On installation, the malware asks the user to set it as the default call handler, which gives it the ability to intercept and manipulate calls.
– It features a convincing fake call interface that mimics the Android dialer, making it challenging for victims to recognize the deception.

4. **Recent Developments**:
– New functionalities include a Bluetooth listener, screen state monitor, and extensive control over the device’s UI through Android’s Accessibility Service.
– Added capabilities allow attackers to obtain the device's location, delete apps, record audio/video, and manage contacts.

5. **Operational Insights**:
– A new phone listener service connects to the attacker’s command and control (C2) server, facilitating various commands including live streaming, taking screenshots, unlocking devices, and managing media files.

6. **Security Recommendations**:
– Users are advised to avoid manually installing apps via APKs; instead, they should download from Google Play to leverage Google Play Protect for malware detection and removal.
– Zimperium has provided indicators of compromise (IoCs) to help users identify and avoid infected applications, noting that these identifiers may frequently change.

7. **Continued Vigilance Required**:
– The ongoing development and enhancement of FakeCall underscore the need for heightened security awareness and proactive measures among Android users to protect against such threats.
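A device-side check for the two privileges described in items 3 and 4 (default call handler and Accessibility Service) combined with the sideloading risk from item 6. This is an added example, not code from the article or from Zimperium; the package names and sample outputs are constructed, and the trusted-installer list is an assumption.

```python
import re

# Installers treated as trusted here (assumption; extend for OEM app stores).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_accessibility(value):
    """Packages named in `adb shell settings get secure enabled_accessibility_services`."""
    value = value.strip()
    if not value or value == "null":
        return set()
    # The setting is a colon-separated list of package/class component names.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(default_dialer, accessibility_value, pm_output, system_packages):
    """Return (package, privileges, installer) for each app that holds the
    dialer role or an accessibility service and is neither preinstalled
    nor installed by a trusted store."""
    installers = parse_installers(pm_output)
    roles = {}
    dialer = default_dialer.strip()  # from `adb shell telecom get-default-dialer`
    if dialer and dialer != "null":
        roles.setdefault(dialer, []).append("default-dialer")
    for pkg in parse_accessibility(accessibility_value):
        roles.setdefault(pkg, []).append("accessibility-service")
    findings = []
    for pkg, held in sorted(roles.items()):
        installer = installers.get(pkg, "unknown")
        if pkg in system_packages or installer in TRUSTED_INSTALLERS:
            continue
        findings.append((pkg, sorted(held), installer))
    return findings

# Constructed sample data; com.example.loanhelper is a made-up package name.
SAMPLE_PM = """package:com.google.android.dialer  installer=null
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.loanhelper  installer=null"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.loanhelper/.Svc")
SAMPLE_SYSTEM = {"com.google.android.dialer"}  # from `pm list packages -s`

if __name__ == "__main__":
    print(audit("com.example.loanhelper", SAMPLE_A11Y, SAMPLE_PM, SAMPLE_SYSTEM))
```

A sideloaded package that holds both privileges at once, as in the sample, is the combination the summary above describes and deserves manual review first.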
