A new version of ‘FakeCall’ malware found by Zimperium threatens Android users with data theft and call interception capabilities.
The malware ‘FakeCall’ uses Vishing, a voice phishing technique that tricks victims into disclosing sensitive information, including login credentials, credit card numbers, and banking details, via fake calls or messages.
“Mishing” is a term that covers mobile-targeted phishing techniques, and Vishing is one of the methods within this category. Attackers use mobile features like voice calls, SMS, and cameras to exploit vulnerabilities. Mishing includes the following attack methods:
- Vishing (voice phishing)
- Smishing (SMS phishing)
- Quishing (QR code phishing)
- Email-based mobile phishing
The US-based firm warns that this malware gains access to phones, collecting financial information and passing it on to remote hackers.
When users try to call their bank, the malware redirects them to hackers who impersonate bank representatives, enabling them to steal sensitive data and siphon off money.
The ‘FakeCall’ malware, a form of banking Trojan, redirects users’ calls, putting them at risk of falling for scams.
Discovered by Kaspersky in 2022, this latest iteration of the malware boasts a more sophisticated call interface, making it increasingly difficult for users to spot the fraud.
‘FakeCall’ malware, as identified by Zimperium’s researchers, enters phones through a range of apps, setting itself as the default call handler and requesting control over phone calls.
This gives the malware the ability to make and receive calls at any time. When users try to contact their bank via an app, the malware redirects the call to a hacker’s number instead.
Hackers impersonate bank officials, enticing users with offers they can’t resist, then emptying their accounts.
STEPS TO STAY SECURE
- To protect against ‘FakeCall’ malware, cybersecurity experts recommend that users only download apps from the Google Play Store or other reputable, official app stores.
- Caution is advised when installing apps from unfamiliar developers, with regular checks on permissions—particularly those related to data collection—and the use of reliable antivirus software for extra protection.
- Always be cautious when sharing confidential details over the phone. Real bank staff will never ask for your online banking credentials, PIN, card security code, or text message confirmation codes. If in doubt, check the bank’s official website to confirm what they are allowed to ask for.