New FakeBank variant intercepts phone calls to connect Android users to scammers

New FakeBank variant intercepts phone calls to connect Android users to scammers

A new variant of the infamous FakeBank Android malware has been discovered recently. This new FakeBank variant has the ability to intercept phone calls that victims are making to their banks where they are redirected to scammers instead.

As you probably know by now, FakeBank is a banking Trojan designed to show fake login screens on top of a legitimate banking app in an infected device. This Android malware has become one of the Android threats on the market that made its mark because of its creative way of executing its attack.

FakeBank has whitelisted its process in the past to remain active on the infected device while it goes into sleep mode. Aside from that, it also used TeamViewer to grant cyber crooks full access to the infected Android device. These tactics were both innovative at that time. However this new FakeBank variant is in a league of its own – according to security experts, even though this Android malware still behaves like a typical banking Trojan, it performs its attack with a twist.

During its attack, the new FakeBank variant intercepts phone call every time a user attempts to call a bank’s number. After that, it switches the dialed number to one that is preconfigured in its configuration file which leads users to scammers that will try to collect their banking credentials. In the same manner, developers of FakeBank can also call victims from a special number which is included in its configurations file where the malware – FakeBank will display the number as if the call is from the victim’s bank leading the victim to believe that the call is from his/her bank. This would allow the cyber crooks to carry out scams easily without having the victims suspect the call to be anything but suspicious.

At the time of writing, this new Android strain of malware is only active in South Korea according to the report made by the researchers from Symantec. In addition, security experts also found this Android malware inside 22 Android apps that are being distributed in third-party app stores using links that are shared over social media platforms. This only shows that the weakest point in the Android operating system is the installation process of apps where users really have to pay a closer look to what their apps are installing, from where as well as what permissions they are giving to these apps and whether the permissions asked are justified by its features. An ideal scenario would be is if users would limit installing apps from the official Google Play Store where they have to go through a malware scanning process before they can install the app.

Google has released its annual Android Security Report which reveals that it still scans over 50 billion apps each day with the goal of finding malicious apps.

“In 2017, downloading a [potentially harmful application] from Google Play was less likely than the odds of an asteroid hitting the earth,” Google stated.