Android Malware Hijacks Calls to Steal Bank Information

A new version of the FakeCall malware for Android is hijacking outgoing calls from users to their bank, redirecting them to attackers’ phone numbers instead. The goal remains to steal people’s sensitive information and money from their bank accounts.

FakeCall is a banking trojan that focuses on voice phishing, tricking victims into believing they are on a call with their bank. Kaspersky first reported the trojan in April 2022, highlighting its realistic-appearing calling interfaces.

The latest version of FakeCall now sets itself as the default call handler, asking users to approve this action upon installation through an Android APK. This allows it to intercept and manipulate both outgoing and incoming calls. A fake call interface mimics the actual Android dialer, displaying trusted contact information and names to deceive victims.

When a user attempts to call their financial institution, the malware secretly hijacks the call and redirects it to an attacker’s phone number instead. The attackers can then extract sensitive information or gain unauthorized access to the victim’s financial accounts.

Zimperium has discovered that the latest FakeCall versions add several improvements and attack mechanisms, including leveraging Android’s Accessibility Service to monitor dialer activity and automatically grant permissions. New commands added include simulating user actions like clicks and gestures, deleting images, and accessing storage.
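
A defender-side check for the two settings described above, the default call handler and the enabled Accessibility services, follows as an added example; it is not code from the article or from Zimperium. It assumes adb access to the device and that `telecom get-default-dialer` prints a package name; the allowlists and sample values are constructed.

```shell
#!/bin/sh
# Added example: flag an unexpected default dialer or Accessibility service.
# Assumption: allowlists and sample values below are constructed; tune per fleet.
ALLOWED_DIALERS="com.google.android.dialer com.android.dialer com.samsung.android.dialer"
ALLOWED_A11Y="com.google.android.marvin.talkback"
SAMPLE_DIALER="com.example.bankhelper"   # constructed, not a real indicator
SAMPLE_A11Y="com.google.android.marvin.talkback/.TalkBackService:com.example.bankhelper/.Watcher"

# in_list PKG LIST: succeed if PKG is one of the space-separated names in LIST
in_list() {
    for candidate in $2; do
        if [ "$candidate" = "$1" ]; then return 0; fi
    done
    return 1
}

# unexpected_dialer OUTPUT: print the default dialer package if not allowlisted
unexpected_dialer() {
    pkg=$(printf '%s' "$1" | tr -d '[:space:]')
    if [ -n "$pkg" ] && [ "$pkg" != "null" ] && ! in_list "$pkg" "$ALLOWED_DIALERS"; then
        echo "$pkg"
    fi
}

# unexpected_a11y SETTING: SETTING is the colon-separated "package/service" list;
# print each package that is not allowlisted ("null" or empty means none enabled)
unexpected_a11y() {
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | while IFS= read -r comp; do
        pkg=${comp%%/*}
        if [ -n "$pkg" ] && [ "$pkg" != "null" ] && ! in_list "$pkg" "$ALLOWED_A11Y"; then
            echo "$pkg"
        fi
    done
}

# report DIALER_OUTPUT A11Y_SETTING: print one REVIEW line per finding
report() {
    for d in $(unexpected_dialer "$1"); do echo "REVIEW default dialer: $d"; done
    for a in $(unexpected_a11y "$2"); do echo "REVIEW accessibility service: $a"; done
}

if [ "${1:-}" = "--device" ]; then   # query a device connected over adb
    report "$(adb shell telecom get-default-dialer)" \
           "$(adb shell settings get secure enabled_accessibility_services)"
else                                 # default: run on the constructed sample
    report "$SAMPLE_DIALER" "$SAMPLE_A11Y"
fi
```

Run it with `--device` to query a phone connected over adb. Any package it prints should be one the user knowingly chose as their phone app or assistive tool.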

To avoid this malware, users are advised to install apps only from Google Play and to be cautious about manually installing apps from APK files. While malware can still make it onto Google’s service, Google Play Protect can remove it once it is detected.
Source: https://www.bleepingcomputer.com/news/security/android-malware-fakecall-now-reroutes-bank-calls-to-attackers/