This week has brought another wave of alarming news about Android malware, with new warnings about dangerous spyware infecting devices. As malware goes, this one is extremely nasty: it can intercept phone calls, live stream the device screen to the attacker, read, send, or delete texts, and even take photos with the camera. There is also.
Zimperium warns that “our zLabs team is actively pursuing a new variant of a well-known malware named FakeCall.” Additionally, previous versions of this malware were reported by Kaspersky and ThreatFabric, but this malware has now been enhanced.
But essentially, the core of the attack is the same as before. FakeCall intercepts incoming and outgoing calls and “victims are tricked into calling a fraudulent phone number controlled by the attacker.” The underlying code has been modified to make it harder to find, and new features have been added, some of which are not yet publicly available.
First, when a malicious app that loads the malware is downloaded onto a phone, it prompts the user to set it as the default call handler. That lets the app manage all incoming and outgoing calls.
So let me be clear: Never allow a new app to become your phone’s default call handler. You may have a reason to change from the default Android apps, in which case you should only download commonly referenced apps from mainstream developers from the Play Store. The apps carrying FakeCall are nothing like that.
Second, all malicious FakeCall apps are sideloaded. That is, they are installed directly or from a third-party app store. You will be directed to the installation by a social media post, a text or WhatsApp message, or an email. Don’t take the bait.
As Zimperium explains, “By exploiting its position as a default call handler, an app can change the dialed number and replace it with a malicious number… to trick users into making fraudulent calls. This malware tricks you into applying… [also] Intercept and control incoming and outgoing calls and secretly establish fraudulent connections. In this case, users may not notice until they delete the app or restart their device.”
The purpose of this spyware is to steal your hard-earned money. It waits on your device for you to contact known financial institutions. When this is done, the “malware redirects the call to a fraudulent number controlled by the attacker. The malicious app tricks the user into displaying a genuine bank phone number like a legitimate Android calling interface. Displays a visible fake UI. The malware’s fake UI mimics a real banking experience, so the victim is unaware of the operation and allows the attacker to extract sensitive information or access the victim’s financial account. It can be accessed illegally.”
But if you do these three things, you won’t get caught like this:
- As above, do not change the default call handler.
- Don’t sideload apps onto your device. Even Google is now warning against this.
- Make sure Play Protect is enabled on your phone.
Google is cracking down on sideloading and has expanded Play Protect beyond its own Play Store apps to cover apps from other sources as well. Android 15’s new live threat detection is also expected to roll out to upgraded phones soon. This will monitor for this type of malicious behavior in real time, even if an app hasn’t been flagged yet.
Meanwhile, you can also check if there are any known FakeCall apps on your phone. Zimperium provides details here. You can also ensure that the default call handler has not been changed, that no unexpected accessibility service permissions have been set, and that Play Protect is always enabled.
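The call-handler and accessibility checks above can be scripted against adb output. The following is an added example, not code from Zimperium or the original article; it assumes the inputs are the text returned by `adb shell telecom get-default-dialer` and `adb shell settings get secure enabled_accessibility_services`, and the allowlists and the `com.example.fakebank` sample values are constructed for illustration.

```python
# Added example: triage of two adb outputs for the checks described above.
# Assumed sources of the input text (run against a connected device):
#   adb shell telecom get-default-dialer        -> bare package name
#   adb shell settings get secure enabled_accessibility_services
#                                               -> colon-separated pkg/class list

# Example allowlists (assumptions); adjust to the devices you manage.
TRUSTED_DIALERS = {"com.google.android.dialer", "com.samsung.android.dialer"}
TRUSTED_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample inputs, not taken from a real infection.
CLEAN_DIALER = "com.google.android.dialer\n"
CLEAN_A11Y = "com.google.android.marvin.talkback/.TalkBackService\n"
SUSPECT_DIALER = "com.example.fakebank\n"
SUSPECT_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
                "com.example.fakebank/.HelperService\n")


def parse_a11y_services(raw):
    """Split the colon-separated component list into (package, class) pairs."""
    raw = raw.strip()
    if raw in ("", "null"):  # setting is unset or empty
        return []
    pairs = []
    for comp in raw.split(":"):
        pkg, _, cls = comp.strip().partition("/")
        if pkg:
            pairs.append((pkg, cls))
    return pairs


def audit(default_dialer_raw, a11y_raw):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    dialer = default_dialer_raw.strip()
    dialer_trusted = dialer in TRUSTED_DIALERS
    if not dialer_trusted:
        findings.append(f"default call handler not on allowlist: {dialer or '<none>'}")
    for pkg, cls in parse_a11y_services(a11y_raw):
        if pkg not in TRUSTED_A11Y_PACKAGES:
            findings.append(f"unexpected accessibility service: {pkg}/{cls}")
        if pkg == dialer and not dialer_trusted:
            findings.append(f"{pkg} is both call handler and accessibility service")
    return findings


if __name__ == "__main__":
    for line in audit(SUSPECT_DIALER, SUSPECT_A11Y):
        print("FINDING:", line)
```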