Security News > 2022 > April > Android banking malware takes over calls to customer support

A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank's customer support number and connect the victim directly with the cybercriminals operating the malware.

While the victim sees the bank's real number on the screen, the connection is to the cybercriminals, who can pose as the bank's customer support representatives and obtain details that would give them access to the victim's funds.

Although it's been active for a while, the malware has received little attention - likely due to its limited target geography - despite its fake call feature that marks a new step in the development of mobile banking threats.

The malware developers recorded a few phrases that are commonly used by banks to let the customer know that an operator would take their call as soon as they become available.

Kaspersky researchers say that the malware can also spoof incoming calls, allowing cybercriminals to contact victims as if they were the bank's customer support service.

"These permissions allow the malware not only to spy on the user but to control their device to a certain extent, giving the Trojan the ability to drop incoming calls and delete them from the history. This allows the scammers, among other things, to block and hide real calls from banks" - Kaspersky.

News URL

https://www.bleepingcomputer.com/news/security/android-banking-malware-takes-over-calls-to-customer-support/