A newly evolved form of malware called
FakeCall, known for its advanced use of vishing (voice phishing), has been identified by cybersecurity researchers.
Uncovered by Zimperium’s zLabs team, this malware variant exploits voice calls, often posing as legitimate institutions, to deceive users into divulging sensitive information such as credit card details and banking credentials.
The FakeCall attack specifically targets mobile devices, taking advantage of unique mobile functions like voice and SMS capabilities. This malware strain is particularly concerning due to its sophisticated structure, which includes various malicious tools developed to control mobile device functions.
FakeCall operates by hijacking call functions on Android devices. The attack often begins when users download a seemingly benign APK file that acts as a dropper, which then installs the main malicious software.
Once installed, FakeCall can intercept and manipulate both outgoing and incoming calls, using a command-and-control (C2) server to issue commands and execute actions covertly on the device. The malware even impersonates a legitimate call interface, further deceiving users.
“The attackers using this malware have also been known to use signing keys to further enable the malware to slip past defenses,” added Jason Soroko, a senior fellow at Sectigo.
“By seamlessly mimicking legitimate interfaces, it renders detection by users nearly impossible, highlighting a critical need for advanced security solutions capable of detecting this threat.
This also highlights the need to avoid bypassing app stores, and for anyone using Android please scrutinize the applications that you are downloading from anywhere.”
www.infosecurity-magazine.com
