
Android Trojan that intercepts voice calls to banks just got more stealthy

Submitted by Style Pass, 2024-10-31 22:30:03

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks.

FakeCall first came to public attention in 2022, when researchers from security firm Kaspersky reported that the malicious app wasn’t your average banking Trojan. Besides containing the usual capabilities for stealing account credentials, FakeCall could reroute voice calls to numbers controlled by the attackers.

The malware, available on websites masquerading as Google Play, could also simulate incoming calls from bank employees. The novel feature was intended to reassure victims that nothing was amiss and to trick them more effectively into divulging account credentials by having the social engineering come from a live human.

The interception was possible when victims followed instructions during installation to grant permission for the app to become the default call handler on the Android device. From then on, FakeCall could detect calls to a bank’s legitimate customer-support number and reroute them to an attacker-controlled number. To better hide the sleight-of-hand, the Trojan can display its own screen over the system's.
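Because the interception depends on the app holding the default call-handler role, a defender can check which package holds that role and where it was installed from. The following is an added example, not code from the article or the researchers: it assumes the two inputs were collected with `adb shell telecom get-default-dialer` and `adb shell pm list packages -i`, and the allowlists and `com.example.*` package names are assumptions made for illustration.

```python
import re

# Assumed allowlists (not from the article); tailor them to your device fleet.
TRUSTED_DIALERS = {"com.google.android.dialer", "com.android.dialer",
                   "com.samsung.android.dialer"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package -> installer (None if no installer is recorded) from `pm list packages -i`."""
    installers = {}
    for line in pm_output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            pkg, src = m.groups()
            installers[pkg] = None if src == "null" else src
    return installers

def audit_default_dialer(dialer_output, pm_output):
    """Classify the app holding the default call-handler role."""
    dialer = dialer_output.strip()
    if dialer in TRUSTED_DIALERS:
        return {"dialer": dialer, "verdict": "ok", "installer": None}
    # A package absent from the listing is treated like one with no installer.
    installer = parse_installers(pm_output).get(dialer)
    if installer in TRUSTED_INSTALLERS:
        verdict = "review"      # third-party dialer from the store: confirm with the user
    else:
        verdict = "suspicious"  # unknown dialer installed outside the store
    return {"dialer": dialer, "verdict": verdict, "installer": installer}

# Constructed sample output; the com.example.* package names are made up.
SAMPLE_PM = """\
package:com.google.android.dialer  installer=null
package:com.example.callerid  installer=com.android.vending
package:com.example.securecall  installer=null
"""

if __name__ == "__main__":
    for holder in ("com.google.android.dialer\n", "com.example.callerid\n",
                   "com.example.securecall\n"):
        print(audit_default_dialer(holder, SAMPLE_PM))
```

A `suspicious` verdict means an unrecognized app holds the call-handler role and was not installed from the store, which matches the installation path the article describes.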
