Malware News Android Banking Trojan Fakebank Adds Vishing Dimension

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Symantec has warned of a new variant of the Fakebank Android malware family that adds a “vishing” (voice phishing) angle: Once installed, the malware will intercept mobile calls a user attempts to make to a bank, redirecting them to a scammer impersonating an agent working for the bank.

The new version is sneaky too: It displays a fake caller ID to make it appear as though the call is really from the legitimate bank.

Symantec said in a blog that at least 22 fake mobile apps, found in third-party Android markets and some social media sites, are targeting Korean bank clients with the malware. Fakebank typically collects bank SMS messages, records phone calls to banks and displays a fake bank login user interface to victims; the ability to intercept incoming and outgoing calls is a fresh capability.

“The Fakebank Android malware could soon be a model adopted by malware makers in parts of the world outside South Korea,” said Paul Bischoff, privacy advocate at Comparitech, via email.

Even though the attack uses a fairly novel approach to scam users, Android owners can avoid it using the same best practices used to avoid any other type of malware, he added: “First, update Android to the latest stable version. The newest release, Oreo, prevents the caller ID from being spoofed by the malware. Avoid downloading apps and files from unknown sources. Don't trust apps from third-party app stores, and be wary of links in web pages and emails. It’s also important to review and limit the permissions of apps you install and install and run antivirus regularly.”
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top