Security News > 2022 > April > Android banking malware intercepts calls to customer support
A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank's customer support number and connect the victim directly with the cybercriminals operating the malware.
While the victim sees the bank's real number on the screen, the connection is to the cybercriminals, who can pose as the bank's customer support representatives and obtain details that would give them access to the victim's funds.
Although it's been active for a while, the malware has received little attention - likely due to its limited target geography - despite its fake call feature that marks a new step in the development of mobile banking threats.
The malware developers recorded a few phrases that are commonly used by banks to let the customer know that an operator would take their call as soon as they become available.
Kaspersky researchers say that the malware can also spoof incoming calls, allowing cybercriminals to contact victims as if they were the bank's customer support service.
"These permissions allow the malware not only to spy on the user but to control their device to a certain extent, giving the Trojan the ability to drop incoming calls and delete them from the history. This allows the scammers, among other things, to block and hide real calls from banks" - Kaspersky.
News URL
Related news
- Vultur banking malware for Android poses as McAfee Security app (source)
- PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users (source)
- PixPirate Android malware uses new tactic to hide on phones (source)
- Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (source)
- SoumniBot malware exploits Android bugs to evade detection (source)