Malware News Updated FakeCall Malware Targets Mobile Devices with Vishing

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,563
A newly evolved form of malware called FakeCall, known for its advanced use of vishing (voice phishing), has been identified by cybersecurity researchers.

Uncovered by Zimperium’s zLabs team, this malware variant exploits voice calls, often posing as legitimate institutions, to deceive users into divulging sensitive information such as credit card details and banking credentials.

The FakeCall attack specifically targets mobile devices, taking advantage of unique mobile functions like voice and SMS capabilities. This malware strain is particularly concerning due to its sophisticated structure, which includes various malicious tools developed to control mobile device functions.

FakeCall operates by hijacking call functions on Android devices. The attack often begins when users download a seemingly benign APK file that acts as a dropper, which then installs the main malicious software.

Once installed, FakeCall can intercept and manipulate both outgoing and incoming calls, using a command-and-control (C2) server to issue commands and execute actions covertly on the device. The malware even impersonates a legitimate call interface, further deceiving users.

“The attackers using this malware have also been known to use signing keys to further enable the malware to slip past defenses,” added Jason Soroko, a senior fellow at Sectigo.

“By seamlessly mimicking legitimate interfaces, it renders detection by users nearly impossible, highlighting a critical need for advanced security solutions capable of detecting this threat. This also highlights the need to avoid bypassing app stores, and for anyone using Android please scrutinize the applications that you are downloading from anywhere.
 

lokamoka820

Level 25
Verified
Mar 1, 2024
1,468
If you’re using Android, you may want to be careful when making calls to your bank. That’s because an updated malware program called FakeCall has reportedly been hijacking outgoing Android device calls to banking institutions.

Kaspersky first discovered the FakeCall Trojan in 2022, but hackers have recently updated it with several frightening new features, including the ability to capture your device’s screen.

How Does FakeCall Work?​

FakeCall works via abuse of Android’s Accessibility Services and a technique known as “vishing,” a portmanteau of “voice” and “fishing.” According to Zimperium, a global Android, iOS, and Chromebook security firm, vishing uses social engineering and fraudulent calls to trick users into revealing confidential information or taking other dangerous actions.

If you’ve ever been contacted claiming that you’ve inherited money, or that a loved one has been incarcerated, then it’s likely that scammers targeted you for vishing. Because the callers sound urgent and authoritative, many people fall victim. It’s a growing problem, and according to the FTC, in 2022, victims of phone scams lost roughly $1,400 each to scammers.

FakeCall is more sophisticated than other scams, however, as it combines a malware component with cleverly disguised fraudulent calls. Which makes it slightly more dangerous for those unaware of its existence. It also mimics the Android phone dialer, so everything seems normal.

But, when you make an outgoing call to your bank, instead of a bank employee, you’re connected to a hacker who asks for sensitive information. And since you’re speaking with a human, you may not even suspect the impersonator is stealing your precious info.
 
Last edited by a moderator:
  • Like
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top