Android Malware Intercepts Phone Calls to Connect Banking Users to Scammers

[Faybert]

A new variant of the FakeBank Android malware includes the ability to intercept phone calls victims are making to their banks, and redirecting users to scammers.

FakeBank is a banking trojan that operates by showing fake login screens on top of a legitimate banking app. Historically, this malware has been one of the most creative Android threats on the market.

In the past, the malware whitelisted its process to remain active while the user's phone went into sleep mode; and also used TeamViewer to grant attackers full access to an infected device.

FakeBank can intercept phone calls
Such tactics were both innovative at the time, but this new FakeBank version is something unique on its own. Security experts say the malware still acts like a regular banking trojan, but with a twist.

Whenever the user attempts to call his bank's number, FakeBank intercepts the call and switches the dialed number to one preconfigured in its configuration file, leading users to scammers that collect their banking information.
...
...
...

FakeBank active in South Korea only
This new FakeBank variant is currently active only in South Korea, Symantec researchers said today in a report. Experts found the FakeBank banking trojan inside 22 Android apps distributed via third-party app stores and via links shared on social media sites.

This, once again, shows that the weakest chain in the Android ecosystem is the app installation process, to which users must pay special attention to what apps are they installing, from where, what permissions are they giving these apps, and if these permissions are justified based on the app's features.
....
....