A new version of the FakeCall malware for Android may redirect your bank calls to cybercriminals. FakeCall is a banking trojan that uses voice phishing, impersonating banks in fraudulent calls to obtain sensitive information from victims. The malware could also access the infected device's live audio and video streams. FakeCall was first discovered by Kaspersky in 2022, and the new version was recently updated with new features.
The cybersecurity firm Zimperium recently found the new version of FakeCall, which uses a technique called "vishing", short for voice phishing. It involves making fake phone calls or sending voice messages to users and tricking victims into sharing sensitive information such as credit card numbers, login details, and other banking details.
One of the most insidious features of FakeCall is its ability to evade detection. It uses a variety of techniques to avoid being flagged by security software, including using multiple app names to appear as legitimate banking apps. As a result, it can be difficult for users to recognize that their device has been compromised.
FakeCall can also be distributed through third-party app stores or unverified download links. Because the app is often disguised as a legitimate banking app, users may download it without realizing the risk. Some versions of FakeCall may be bundled with other fake financial apps, appearing as banking tools like account checkers, loan applications, or budgeting aids. These apps are designed to look legitimate, often copying logos and interfaces from well-known financial institutions, so users may not suspect anything amiss. Users often trust apps that they think are related to their financial activities. By impersonating well-known brands, the Trojan leverages this trust to bypass cautious behavior that might otherwise prevent installation, such as checking app permissions or downloading only from official app stores.
Once an unsuspecting Android user downloads and installs the APK file on their phone, FakeCall asks to be set as the default dialer app. After obtaining the required permission, the malware gains control over the user's device through the Accessibility service and keeps track of all outgoing and incoming calls. Subsequently, FakeCall versions tricked users into calling scammers by showing a fake bank screen with the bank's real number.
For instance, the attacker might claim there is an issue with the victim’s bank account, prompting them to “verify” information or install additional malware to fix the problem.
In the latest version, FakeCall sets itself as the default call handler upon installation, controlling all outgoing calls. Upon detecting specific events (i.e., TYPE_WINDOW_STATE_CHANGED), it can automatically grant permissions to the malware, bypassing user consent. Finally, the malware could give remote attackers full control of the victim's device UI, allowing them to simulate user interactions such as clicks, gestures, and navigation across apps. This capability enables the attacker to manipulate the device with precision.
FakeCall may use encryption or other obfuscation methods to hide its malicious code from security software. The malware may disguise itself under multiple names or update itself to avoid detection by known virus definitions. Since it manipulates system-level functions (like the call handler), FakeCall operates in a way that is often hidden from the average user. It may not show up in the app drawer or appear as an unusual process in task managers, making it harder to spot. FakeCall often gains full control over the device by requesting broad permissions during installation, such as the ability to manage calls, access contacts, and even record phone conversations. Once it has these permissions, it becomes much more difficult for users to detect the intrusion without advanced diagnostic tools.
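The combination described above (a sideloaded app that is both the default dialer and an enabled Accessibility service) can be checked from a workstation. The following is an added triage example, not code from Zimperium or Kaspersky; it assumes the three `adb` commands named in the comments print the formats shown, and all package names and sample outputs are constructed.

```python
# Added example: flag third-party apps holding the capabilities the article describes.
# Assumed inputs (captured separately by the analyst over adb):
#   dialer : adb shell telecom get-default-dialer            -> one package name
#   a11y   : adb shell settings get secure enabled_accessibility_services
#            -> colon-separated "package/ServiceClass" entries, or "null"
#   pkgs   : adb shell pm list packages -3 -i               -> third-party apps + installer
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_accessibility(raw):
    """Return the set of packages that own an enabled accessibility service."""
    raw = raw.strip()
    if raw in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in raw.split(":") if c}

def parse_third_party(raw):
    """Map third-party package name -> installer (None when unknown/sideloaded)."""
    pkgs = {}
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            name, _, rest = line[len("package:"):].partition(" ")
            installer = rest.partition("installer=")[2].strip()
            pkgs[name] = installer if installer not in ("", "null") else None
    return pkgs

def triage(dialer_raw, a11y_raw, pkgs_raw):
    """Return [(package, score, reasons)], highest score first."""
    dialer = dialer_raw.strip()
    a11y = parse_accessibility(a11y_raw)
    findings = []
    for pkg, installer in sorted(parse_third_party(pkgs_raw).items()):
        reasons = []
        if pkg == dialer:
            reasons.append("default dialer")
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if not reasons:
            continue  # holds neither capability; out of scope for this check
        if installer not in TRUSTED_INSTALLERS:
            reasons.append(f"sideloaded (installer={installer})")
        findings.append((pkg, len(reasons), reasons))
    return sorted(findings, key=lambda f: -f[1])

# Constructed sample outputs (not from a real device or a real FakeCall sample).
SAMPLE_DIALER = "com.bank.secure.update\n"
SAMPLE_A11Y = "com.bank.secure.update/.HelperService:com.example.reader/.ReadAloud\n"
SAMPLE_PKGS = ("package:com.bank.secure.update  installer=null\n"
               "package:com.example.notes  installer=com.android.vending\n"
               "package:com.example.reader  installer=com.android.vending\n")

if __name__ == "__main__":
    for pkg, score, reasons in triage(SAMPLE_DIALER, SAMPLE_A11Y, SAMPLE_PKGS):
        print(f"{score}/3  {pkg}: {', '.join(reasons)}")
```

A score of 3 means all three indicators coincide on one package; a score of 1 (for example, a Play-installed screen reader) is expected on many healthy devices and only warrants a look at what the app is.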
By understanding how FakeCall operates, the dangers it poses, and the ways it can be avoided, you can better protect yourself from falling victim to this sophisticated Trojan. Always be cautious when downloading apps and granting permissions, especially when it comes to financial transactions or sensitive information.