Updated Android malware can hijack calls you make to your bank

Updated Android Malware Can Hijack Calls You Make To Your Bank

Do you remember those TV shows where the villain gets defeated in one season but comes back even stronger in the next? Think “Stranger Things” on Netflix. The malware we’re talking about here is just like that. It’s called FakeCalls, and every time researchers figure out how it infects devices, it evolves with new ways to hide. 

Earlier this year, it was reported to be impersonating large financial institutions, and now security researchers have discovered that the malware has gone through another upgrade. It can even hijack the calls you make to your bank using your Android phone.

ENTER CYBERGUY’S $500 HOLIDAY GIFT CARD SWEEPSTAKES

FakeCalls is a banking trojan that focuses on voice phishing, where victims are deceived through fraudulent calls impersonating banks and are asked to share sensitive information. Earlier versions did this by prompting users to call the bank from within an app that impersonated the financial institution, as reported by Bleeping Computer. However, the latest version, analyzed by Zimperium, sets itself as the default call handler.

The default call handler app manages incoming and outgoing calls, allowing users to answer, reject or initiate calls. Giving these permissions to a malicious app, as you can imagine, carries serious risks.

When a user gives the app permission to set itself as the default call handler, the malware gets the green light to intercept and mess with both outgoing and incoming calls. It even shows a fake call interface that looks just like the real Android dialer, complete with trusted contact info and names. This level of deception makes it really tough for victims to see what’s happening.

“When the compromised individual attempts to contact their financial institution, the malware redirects the call to a fraudulent number controlled by the attacker,” explains the new Zimperium report. “The malicious app will deceive the user, displaying a convincing fake UI that appears to be the legitimate Android’s call interface showing the real bank’s phone number.”

“The victim will be unaware of the manipulation, as the malware’s fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorized access to the victim’s financial accounts,” the report added.

ANDROID BANKING TROJAN EVOLVES TO EVADE DETECTION AND STRIKE GLOBALLY

This malware not only hijacks your calls but can also steal your data. It gets access to Android’s Accessibility permissions, which basically gives it free rein to do whatever it wants. The developer of the malware has also added several new commands, including the ability to start livestreaming the device’s screen, take screenshots, unlock the device if it’s locked and temporarily turn off auto-lock. It can also use accessibility features to mimic pressing the home button, delete images specified by the command server, and access, compress and upload photos and thumbnails from storage, especially from the DCIM folder.

ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA

1) Have strong antivirus software: Android has its own built-in malware protection called Play Protect, but the FakeCalls malware proves it’s not enough. Historically, Play Protect hasn’t been 100% foolproof at removing all known malware from Android phones. Also, avoid clicking on any links in messages or emails that seem suspicious. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. 

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2) Download apps from reliable sources: It’s important to download apps only from trusted sources, like the Google Play Store. The FakeCalls malware infects your phone when you download an app from an unknown link. As an Android user, you should only download apps from the Play Store, which has strict checks to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores, as they pose a higher risk to your personal data and device. Also, never trust download links that you receive through SMS.

3) Be cautious with app permissions: Always review the permissions requested by apps before installation. If an app requests access to features that seem unnecessary for its function, it could be a sign of malicious intent. Do not give any app Accessibility permissions unless you really need to. Avoid granting permissions that could compromise your personal data.

4) Regularly update your device’s operating system and apps: Keeping your software up to date is crucial, as updates often include security patches for newly discovered vulnerabilities that could be exploited by malware like FakeCalls.

5) Monitor financial activity regularly: Check your bank and credit card statements often for unauthorized transactions. Set up alerts for any account activity, which can notify you immediately if suspicious activity occurs.

6) Limit sensitive transactions on mobile: Whenever possible, avoid performing high-risk transactions (like large money transfers) on your mobile device, especially if you’re in public or connected to unsecured Wi-Fi. Use a secure computer or contact your bank directly from a verified number.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Hackers are constantly upgrading their tactics and finding clever ways to hack your devices and scam you out of your hard-earned money. I really think Android phone manufacturers and Google need to step up their game on security to help keep users from getting hacked so often. I don’t see the same level of malware affecting iPhones.

How comfortable are you using your mobile phone for financial transactions, and what would make you feel safer? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.