“FakeCall” Malware for Android Phones Intercepts Calls to Your Bank
- New malware designed for Android phone users
- Fakecall software redirects calls to scammers
- Download apps only from official stores -- do not allow installations from unknown sources
During the pandemic, we saw a shift of banking customers -- who, at the time, could not or would not go to their local branch -- utilizing their mobile phones for daily banking. This behavior has continued to this day, as banking apps make it convenient for everything from determining balances to depositing checks.
Unfortunately, mobile phones users, specifically Android, have a new dangerous threat...
"FakeCall" Malware Targets Android Phones
Frank on Fraud warns of a new form of malware called FakeCall, which targets Android phone users, allowing scammers to hijack calls made to banks and impersonate customer service. The malware can control the phone's dialer, turn on the microphone to record conversations, monitor the screen, and track the user's location.
This sophisticated scam tricks victims into thinking they are speaking with their bank when they are actually talking to cybercriminals. The scammers then try to obtain sensitive information like login credentials and one-time passcodes.
According to Dark Reading, vishing scams [phone-based phishing attacks] that target Android phone users are getting extremely realistic thanks to new malware.
The malware hijacks a victim’s phone call to a bank and redirects it to scammers. This deceptive malware can make people believe they’re speaking with their bank’s customer service when talking to cybercriminals.
The first step is getting victims to download an app with FakeCall malware embedded in it. The app requests permissions once installed -- like any app -- but accepting the permissions gives the malware control over all phone calls.
To protect against this threat, experts recommend only downloading apps from official stores, carefully reviewing app permissions, and never sharing confidential information over the phone. Installing robust security software is also crucial.
App Awareness
You can avoid becoming a victim of this scam. Kaspersky recommends several options and links additional articles on the topic. Here are some of his tips:
- Download apps only from official stores and do not allow installations from unknown sources. Official stores run checks on all programs, and even if malware still sneaks in, it usually gets promptly removed.
- Pay attention to what permissions apps require and whether they need them. Don’t be afraid to deny permissions, especially potentially dangerous ones like access to calls, text messages, accessibility, etc.
- Never give confidential information over the phone. Real bank employees will never ask for your online banking login credentials, PIN, card security code, or confirmation codes from text messages. If in doubt, go to the bank’s official website and find out what employees can and cannot ask about.
- Install a robust solution that protects all your devices from banking Trojans and other malware.
Vulnerabilities of Mobile Devices
For many, their mobile device runs their lives. However, this makes the mobile device a prime target for fraudsters. Everything they could possibly want is in the palm of the potential victim's hand.
The FakeCall malware affects only Android users; however, if a fraudster is able to get a bank account owner's login credentials, the fraudster will have full rein to take over the account, steal funds, or even utilize that account as a drop account.
Financial institutions have the ability to deploy different technologies that can protect their customers. Behavioral analytics assess the activity of the account and flag any suspicious activities. Image forensic AI along with consortium data analyzes the checks being deposited through mRDC to validate the legitimacy of the payment. Bank mobile apps use geolocation to identify the area in which the account is being accessed as well.
Remember, customers expect their banks to protect them -- even if the customer is the cause of the issue. When it comes to a customer's financial well-being, it's crucial that banks deploy the technologies necessary to protect their customers from becoming victimized.