A new banking trojan dubbed Fakecalls is currently compromising Android users and hijacking their phone calls to a bank's customer support number. The operators of this new campaign intercept incoming and outgoing calls and redirect customers to fake lines set up by the cybercriminals.
The malware poses as a mobile application from popular banks such as Kookmin Bank and KakaoBank. If a user attempts to call the customer support of one of the affected banks, the Fakecalls banking trojan intercepts the call, breaks the connection, and displays its own call screen. It replaces the original call screen with a fabricated one so that it appears as if the user did not miss the call.
The scammers operating this banking trojan then act as a support representative once Fakecalls has successfully intercepted the call. In this way, the threat actors could gain access to the victim's bank account.
The Fakecalls banking trojan can play a pre-recorded message that imitates the phrases banks often use to greet customers who have concerns regarding their wallets.
The threat actors also use the phrases banks commonly use to inform customers that they can contact them whenever they are available for future inquiries.
Furthermore, the trojan can impersonate incoming calls, enabling the threat actors to communicate with the victims as if they were the banks' genuine customer support service.
After infection, the threat actors can also spy on the compromised user's activities on the device by broadcasting video and audio in real time. The actors can also determine the current location of the infected device and copy files such as contacts, photos, and videos, along with past text messages.
Although Fakecalls has been around for about one year now, it has received little attention due to its limited scope of targets. However, the threat actors' latest use of the fake call function is a new development in the evolution of mobile banking malware.
The Fakecalls banking trojan demonstrates an entirely new method of taking control of customer support calls. Experts recommend downloading apps only from legitimate app stores and analysing an app's requested permissions before giving access. Users should also install competent anti-malware applications on mobile devices.
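As an added example (not part of the original article and not any vendor's tooling), the permission review recommended above can be partly automated: the Python script below reads an app's decoded, text-form AndroidManifest.xml and flags call-handling permissions requested together with the data-access capabilities the article describes. The mapping of capabilities to Android permission names, the `min_other` threshold, and the sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumption of this example: capabilities the article attributes to Fakecalls,
# mapped to standard Android permissions that would be needed to perform them.
CAPABILITIES = {
    "call handling": {"PROCESS_OUTGOING_CALLS", "CALL_PHONE", "ANSWER_PHONE_CALLS", "READ_CALL_LOG"},
    "audio/video capture": {"RECORD_AUDIO", "CAMERA"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "contacts": {"READ_CONTACTS"},
    "text messages": {"READ_SMS", "RECEIVE_SMS"},
    "photos/videos/files": {"READ_EXTERNAL_STORAGE", "READ_MEDIA_IMAGES", "READ_MEDIA_VIDEO"},
}

def requested_permissions(manifest_xml):
    """Return the android.permission.* names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                perms.add(name[len(PREFIX):])
    return perms

def audit(manifest_xml, min_other=2):
    """Flag call handling combined with >= min_other data-access capabilities."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & needed)
            for cap, needed in CAPABILITIES.items() if perms & needed}
    others = [cap for cap in hits if cap != "call handling"]
    return ("call handling" in hits and len(others) >= min_other), hits

def sample_manifest(*perms):
    """Build a constructed manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{uses}</manifest>')

if __name__ == "__main__":
    fake = sample_manifest("INTERNET", "PROCESS_OUTGOING_CALLS", "RECORD_AUDIO",
                           "CAMERA", "ACCESS_FINE_LOCATION", "READ_CONTACTS", "READ_SMS")
    plain = sample_manifest("INTERNET", "CAMERA", "ACCESS_COARSE_LOCATION")
    for label, xml in (("constructed suspicious", fake), ("constructed benign", plain)):
        flagged, hits = audit(xml)
        print(label, "-> flagged" if flagged else "-> not flagged", hits)
```

A flag here is a prompt for manual review rather than a verdict, since legitimate apps can request some of the same permissions.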