A New Form of Malware Imitates the Phone Call Interface of Banks to Trick Users into Handing Over User Data

A new Android malware is making the rounds under the guise of help centers from banks and other such locations.

With the skyrocketing reports of businesses and individuals being duped and swindled by malware, phishing attacks, and cybercrime in general, one has to wonder whether or not people are just getting dumber by the second. The more likely answer, however, is that cybercriminals are just getting smarter and smarter. Even if there is a lack of awareness regarding the multiple different ways that individuals can get scammed online, the general populace has developed a sense of reticence with their public information online. Whether it be refusing to share personal details, or 40-year-old Facebook moms making posts declaring that Facebook cannot use their private data, people have become aware of just how hazardous online spaces can be. Of course, your average online scammer apparently decided to take this developing sense of personal security as a challenge and up the ante. To that end, I present to you probably one of the worst forms of malware to enter a phone: FakeCalls.

Even careful individuals do sometimes choose to share their information online. It all comes down to the recipient of said information being a trustworthy source. Or, more accurately, whether the former believes the latter to be a trustworthy source. FakeCalls essentially mimics the same call interface that one would encounter when calling their local bank, therefore allowing cybercriminals to siphon off important data such as credentials and credit card details. The Trojan nestles inside Android devices, waits for users to make such a call, and then redirects said call to the site of origin (the cybercriminals, in this case). From there on out, all the attackers have to do is put on a convincing performance for a few minutes, and bang! The victim’s credit score gets riddled with bullets like it’s Butch Kassidy.

How does the Trojan even end up on a phone in the first place, however? Cybersecurity firm Kaspersky suspects that most attacks originate from users unsuspectingly downloading an unverified Android application that harbors the virus. Another source could just be links set up by phishing attackers, which encourage users to download a fun game or something of the sort. The virus just coasts along with the download, and causes havoc on the victim’s phone.

Currently, all iterations of FakeCalls are originating from South Korea. While this definitely bodes ill for the population there, it kind of spells out good news for everyone else. What this means is that the fake call interface will always display the Korean alphabet, which can alert victims to their phone being infiltrated. Then it’s just a matter of running an anti-Trojan and purging their phone.


Read next: Data Reveals That Organizations Are Growing More Acquiescent To The Demands Of Ransomware
Previous Post Next Post