A new Android malware can mislead you by mimicking banking apps and stealing your money.
A newly found Android malware has been found that redirects bank phone calls to cybercriminals who target their victims in the form of customer support managers. The malware, called FakeCalls, has attacked users in South Korea. It mimics the interfaces of local Korean banks and acts as a spyware tool capable of copying files and recording calls from the infected phone. Kaspersky researchers have discovered that FakeCalls mimics phone calls made to a bank’s customer support and associates it with cybercriminals who obtain bank information by pretending to be the bank’s customer support representatives.
According to the report shared by Kaspersky, the Trojan has been seen targeting users in South Korea, especially customers of popular banks like KakaoBank or Kookmin Bank (KB). FakeCalls asks for more permissions at the time of installation and gets access to the contact list, microphone, camera and more.
How does the scam work?
“If the victim calls the bank’s hotline, the Trojan discreetly disconnects and opens its own fake call screen instead of the regular call app,” the report reads.
FakeCalls even shows real hotline numbers to banks in the Trojanized app, but if numbers are dialed, the malware redirects the call to cybercriminals.
First of all, the Fakecall app is disguised as an authentic banking app. When downloading, it asks for a variety of permissions, such as access to contacts, microphone, camera, geolocation, and call handling. When you allow access, the Trojan drops incoming calls and deletes them from the device history. Fakecalls Trojan even handles incoming calls and forges outgoing calls. And when cybercriminals try to contact the victim, the Trojan displays its own call screen over the phone, misleading users into seeing the phone number on the bank’s support service.
The Trojan not only imitates mobile apps from well-known South Korean banks, but they even insert the real bank logos and display the banks’ real support numbers as shown on the main page of their official websites.