This Android malware can divert phone calls to customer support

Security researchers have discovered a strain of Android malware that can secretly redirect your banking phone calls to cybercriminals under the guise of customer support.

The malware, dubbed FakeCalls, targets users in South Korea. It mainly functions as a Trojan that mimics the interfaces of local Korean banks, but the malware is designed to act as spyware capable of copying files and recording calls from the infected phone.

Antivirus vendor Kaspersky has analyzed FakeCalls and found that it can also mimic phone conversations made with a bank’s customer support.

FakeCalls interface (Picture: Kaspersky)

“If the victim calls the bank’s hotline, the Trojan quietly terminates the connection and opens its own fake call screen instead of the usual call app,” the company wrote in a report released on Monday. “The call seems to be normal, but in fact the attackers are now in control.”

FakeCalls will also display actual bank support numbers in the Trojan app. But if the numbers are called, the malware will work in the background to redirect the call to the cybercriminals, who will be ready to impersonate the bank.

fake call interface

(Picture: Kaspersky)

“After that, attackers, disguised as a bank employee, can try to obtain payment data or other confidential information from the victim,” Kaspersky said.

If cybercriminals are busy, the malware can also trigger a pre-recorded track to play, mimicking the standard bank greeting. Additionally, FakeCalls can spoof incoming calls from official banks, allowing cybercriminals to call the victim back.

Recommended by our editors

However, FakeCalls has at least one notable flaw. “The only thing that could reveal the Trojan at this point is the fake call screen,” Kasperksy’s report says. “Fakecalls only has one interface language: Korean. This means that if another system language is selected on the phone – say English – the victim will likely smell like a rat.

The malware is a reminder to make sure that your downloaded apps are from legitimate sources. Kaspersky also notes that the FakeCalls malware requires the user to grant permission to many functions, such as microphone and camera access, which a banking app should never need. To stay protected, users should consider installing an antivirus app on their phone.

SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.","first_published_at":"2021-09-30T21:22:09.000000Z","published_at":"2022-03-24T14:57:33.000000Z","last_published_at":"2022-03-24T14:57:28.000000Z","created_at":null,"updated_at":"2022-03-24T14:57:33.000000Z"})" x-show="showEmailSignUp()" class="rounded bg-gray-lightest text-center md:px-32 md:py-8 p-4 mt-8 container-xs">
Do you like what you read ?

Register for Security Watch newsletter for our top privacy and security stories delivered straight to your inbox.

This newsletter may contain advertisements, offers or affiliate links. Signing up for a newsletter indicates your consent to our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.

Comments are closed.