A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank’s customer support number and connect the victim directly with the cybercriminals operating the malware.
Disguised as a mobile app from a popular bank, Fakecalls displays all the marks of the entity it impersonates, including the official logo and the customer support number.
When the victim tries to call the bank, the malware breaks the connection and shows its call screen, which is almost indistinguishable from the real one.
While the victim sees the bank’s real number on the screen, the connection is to the cybercriminals, who can pose as the bank’s customer support representatives and obtain details that would give them access to the victim’s funds.
The Fakecalls mobile banking trojan can do this because, at the moment of installation, it asks for several permissions that give it access to the contact list, microphone, camera, geolocation, and call handling.
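For app vetting, the permission set described above can be checked against a decoded `AndroidManifest.xml`. The following is an added example, not code from the Kaspersky report or from the malware; the mapping from the article's capability groups to standard Android permission names is an assumption, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumed mapping: the article names capability groups only, not permissions.
CAPABILITY_PERMISSIONS = {
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
    "geolocation": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "call handling": {"CALL_PHONE", "PROCESS_OUTGOING_CALLS",
                      "ANSWER_PHONE_CALLS", "READ_PHONE_STATE"},
}

def requested_permissions(manifest_xml):
    """Return the platform permissions a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            value = node.get(ANDROID_NS + "name", "")
            if value.startswith(PREFIX):
                names.add(value[len(PREFIX):])
    return names

def capability_groups(manifest_xml):
    """Map each capability group to the requested permissions that grant it."""
    perms = requested_permissions(manifest_xml)
    return {group: sorted(perms & wanted)
            for group, wanted in CAPABILITY_PERMISSIONS.items()
            if perms & wanted}

def needs_review(manifest_xml):
    """Triage signal, not a verdict: all five groups requested together."""
    return len(capability_groups(manifest_xml)) == len(CAPABILITY_PERMISSIONS)

def _manifest(perms):
    """Build a constructed sample manifest (not taken from a real app)."""
    uses = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.app">{uses}</manifest>')

SUSPECT = _manifest(["READ_CONTACTS", "RECORD_AUDIO", "CAMERA",
                     "ACCESS_FINE_LOCATION", "PROCESS_OUTGOING_CALLS", "CALL_PHONE"])
BENIGN = _manifest(["CAMERA", "ACCESS_FINE_LOCATION", "INTERNET"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, needs_review(xml), capability_groups(xml))
```

A match only means the app asks for the same broad access the article describes; legitimate apps can request several of these groups, so the result is a prompt for manual review.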
The malware emerged last year and has been seen targeting users in South Korea, customers of popular banks like KakaoBank or Kookmin Bank (KB), security researchers at Kaspersky note in a report today.
Although it’s been active for a while, the malware has received little attention - likely due to its limited target geography - despite its fake call feature that marks a new step in the development of mobile banking threats.