This Android Malware Can Hijack Phone Calls to Customer Support
Security researchers have uncovered a strain of Android malware that can secretly reroute your banking phone calls to cybercriminals in the guise of customer support.
The malware, dubbed FakeCalls, has been targeting users in South Korea. It primarily functions as a Trojan that mimics the interfaces of local Korean banks, but the malware is designed to act as a spyware tool capable of copying files and recording calls from the infected phone.
Antivirus provider Kaspersky analyzed FakeCalls and noticed it can also imitate phone conversations made to a bank’s customer support.
“If the victim calls the bank’s hotline, the Trojan discreetly breaks the connection and opens its own fake call screen instead of the regular calling app,” the company wrote in a Monday report. “The call appears to be normal, but in fact the attackers are now in control.”
FakeCalls will also display real-life hotline numbers to banks within the Trojanized app. But if the numbers are called, the malware will work in the background to redirect the call to the cybercriminals, who will be ready to impersonate the bank.
“After that, the attackers, under the guise of a bank employee, can try to coax payment data or other confidential information out of the victim,” Kaspersky said.
If the cybercriminals are busy, the malware can also trigger a prerecorded track to play, imitating the standard greeting from the bank. In addition, FakeCalls can spoof incoming calls from official banks, allowing the cybercriminals to call the victim back.
However, FakeCalls has at least one noticeable flaw. “The only thing that might give away the Trojan at this stage is the fake call screen,” Kasperksy’s report said. “Fakecalls has only one interface language: Korean.
Read more on pcmag.com
