Imagine calling your bank, only to end up talking to a hacker on the other end. According to a report from Zimperium’s zLabs research team, this is exactly what the sophisticated Android malware FakeCall can now do.
Zimperium explains that FakeCall uses a technique called “vishing” (voice phishing). The goal is to trick victims into divulging sensitive information such as credit card numbers and bank account details through fake phone calls and voice messages.
“FakeCall is a highly sophisticated Vishing attack that uses malware to take near complete control of a mobile device, including intercepting incoming and outgoing calls,” researchers explained. The victim is tricked into calling a fraudulent phone number controlled by the attacker, while the malware mimics the normal user experience on the device.
The first step is to trick the victim into downloading an APK file through a phishing attack. The APK acts as a dropper and installs the malicious payload on the device. Once the payload is installed, the app asks the user to set it as the default phone application. This allows the app to manage incoming and outgoing phone calls.
Here’s what happens next, according to Zimperium researchers.
- Impersonation fraud: By exploiting its position as the default call handler, the app can modify the dialed number and replace it with a malicious one using the setResultData() method, tricking users into making fraudulent calls.
- Call hijacking: The malware intercepts and controls incoming and outgoing calls and secretly establishes fraudulent connections. In this case, users may not notice until they delete the app or restart their device.
As a result, when you try to call your bank or credit card issuer, the app displays the number you dialed while rerouting the call in the background.
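For defenders triaging a sideloaded APK, the capabilities described above are visible in its manifest: Android delivers NEW_OUTGOING_CALL as an ordered broadcast, so a receiver for it can change the number with setResultData(), and a default phone app needs a dial activity and an in-call service. The following check is an added example, not code from Zimperium's report or from the malware; it assumes the manifest has already been decoded to text XML (for example with apktool), the sample manifest and package name are constructed, and legitimate dialer apps declare the same entries, so a hit is a triage signal rather than a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical package; not from a real FakeCall sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <application>
    <activity android:name=".DialActivity">
      <intent-filter><action android:name="android.intent.action.DIAL"/></intent-filter>
    </activity>
    <service android:name=".CallService" android:permission="android.permission.BIND_INCALL_SERVICE">
      <intent-filter><action android:name="android.telecom.InCallService"/></intent-filter>
    </service>
    <receiver android:name=".OutgoingReceiver">
      <intent-filter><action android:name="android.intent.action.NEW_OUTGOING_CALL"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def _actions(component):
    """Collect the intent-filter action names declared under one component."""
    return {a.get(ANDROID + "name") for a in component.iter("action")}

def call_handler_findings(manifest_xml):
    """Return a sorted list of call-handling capabilities declared in the manifest."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings = set()
    for act in root.iter("activity"):
        if "android.intent.action.DIAL" in _actions(act):
            findings.add("dial-activity")  # required to be offered as default phone app
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == "android.permission.BIND_INCALL_SERVICE":
            findings.add("in-call-service")  # lets the app own the in-call screen
    for rcv in root.iter("receiver"):
        if "android.intent.action.NEW_OUTGOING_CALL" in _actions(rcv):
            findings.add("outgoing-call-receiver")  # may rewrite number via setResultData()
    if "android.permission.PROCESS_OUTGOING_CALLS" in perms:
        findings.add("process-outgoing-calls-permission")
    return sorted(findings)

def can_act_as_default_dialer(findings):
    """True when the manifest declares what a default phone app needs."""
    return {"dial-activity", "in-call-service"} <= set(findings)

if __name__ == "__main__":
    found = call_handler_findings(SAMPLE_MANIFEST)
    print(found, "default-dialer capable:", can_act_as_default_dialer(found))
```
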
FakeCall malware was previously reported by Kaspersky in 2022 and ThreatFabric in 2023. Zimperium is tracking new variants that introduce more advanced features, such as monitoring Bluetooth status and screen health, capturing information displayed on the screen, and issuing commands on an infected device.
This Android malware is another reason to avoid downloading apps and APKs that are not available on the official Google Play Store.