New Android Malware Silently Hijacks Your Bank Calls & Feeds Conversations to Hackers

In the first quarter of 2024, researchers found 389,178 malware and unwanted software installation packages on Android devices. The situation didn’t improve in the second quarter, with 367,418 malicious installation packages detected, including 13,013 packages specifically for mobile banking Trojans¹.

This shows that Android malware is becoming more common and more dangerous. In fact, a new type of malware can secretly take over your bank calls and send your conversations to hackers².

Here’s what you need to know to protect your personal information and keep your finances safe.

Beware of FakeCall

FakeCall is an Android banking Trojan that can take over your phone calls to your bank. When you try to call your bank, your call gets sent to hackers instead.

Zimperium’s zLabs team is tracking this new version of the dangerous malware, which was previously reported by ThreatFabric and Kaspersky.

FakeCall uses a method called Vishing (voice phishing), tricking people into giving away personal information like login details, credit card numbers, or banking information.

What Is Vishing?

According to Zimperium, Vishing (voice phishing) is a type of “Mishing,” which refers to phishing attacks targeting mobile devices. Attackers use mobile features like voice calls, texts (SMS), and cameras to exploit users. 

Mishing covers several methods. One of them is vishing: fraudulent calls that mislead users into revealing confidential information or taking risky actions. FakeCall is a highly advanced type of vishing that uses malware and deceptive calls.

How Vishing Leads to Device Compromise

Zimperium discovered that the attack usually starts when victims download an APK file onto their Android device through a phishing scam. This APK acts as a dropper.

The dropper’s main job is to install the actual malicious software (the second stage) on the victim’s device. The samples that the researchers found are from this second-stage malware.

FakeCall malware is made to connect with a Command and Control (C2) server, allowing it to perform actions that trick the user. This connection happens through a series of messages exchanged between the malware and the C2 server.

When the app is launched, it asks the user to set it as the default call handler. Once it is set as the default, the app can manage all incoming and outgoing calls.

Using the OutgoingCallReceiver, it captures the outgoing call intent and retrieves the phone number. 

The hackers will identify the victim’s main bank and send relevant offers through in-app notifications or vishing. They might even promote a low-interest loan and invite the victim to call if interested.

When the victim tries to call their bank, the malware redirects the call to a fake number controlled by the attacker. The malicious app dupes the user by showing a realistic fake user interface (UI) that looks like the real Android call screen, displaying the bank’s real phone number.

The victim won’t realize anything is wrong, as the fake UI mimics the actual banking experience, allowing the hacker to steal sensitive information or access the victim’s financial accounts.
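For defenders vetting apps, the two behaviors described above (requesting the default call handler role and receiving the outgoing call intent) are visible in an app's decoded manifest. The following triage script is an added example, not code from Zimperium or from the malware; the sample manifest, its package name and the `EXPECTED_DIALERS` allowlist are constructed assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
EXPECTED_DIALERS = {"com.google.android.dialer"}  # assumption: your approved dialer(s)

# Constructed sample manifest (hypothetical package), as decoded from an APK.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <application>
    <activity android:name=".Dial"><intent-filter>
      <action android:name="android.intent.action.DIAL"/></intent-filter></activity>
    <service android:name=".Calls"
        android:permission="android.permission.BIND_INCALL_SERVICE"><intent-filter>
      <action android:name="android.telecom.InCallService"/></intent-filter></service>
    <receiver android:name=".OutgoingCallReceiver"><intent-filter>
      <action android:name="android.intent.action.NEW_OUTGOING_CALL"/></intent-filter></receiver>
  </application>
</manifest>"""

def call_findings(manifest_xml):
    """List the call-handling capabilities a manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    if "android.permission.PROCESS_OUTGOING_CALLS" in perms:
        found.add("PROCESS_OUTGOING_CALLS")
    for comp in root.iter():
        actions = {a.get(A + "name") for a in comp.iter("action")}
        if comp.tag == "activity" and "android.intent.action.DIAL" in actions:
            found.add("DIAL_ACTIVITY")  # can present itself as a dialer
        if (comp.tag == "service"
                and comp.get(A + "permission") == "android.permission.BIND_INCALL_SERVICE"):
            found.add("INCALL_SERVICE")  # can own the in-call screen once default
        if comp.tag == "receiver" and "android.intent.action.NEW_OUTGOING_CALL" in actions:
            found.add("NEW_OUTGOING_CALL_RECEIVER")  # receives the dialed number
    return sorted(found)

def needs_review(manifest_xml, expected=EXPECTED_DIALERS):
    """Flag an app that can become default call handler but is not an approved dialer."""
    pkg = ET.fromstring(manifest_xml).get("package")
    dialer_capable = {"DIAL_ACTIVITY", "INCALL_SERVICE"} <= set(call_findings(manifest_xml))
    return dialer_capable and pkg not in expected

if __name__ == "__main__":
    print(call_findings(SAMPLE), needs_review(SAMPLE))
```

A hit is a reason to review the app, not proof of malice: legitimate third-party dialers declare the same components.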

For Android Users, Do Not Download Apps Outside Google Play Store

To prevent and stop malware like FakeCall, start by being careful about what you download. Always stick to official app stores like Google Play and avoid downloading APK files from unknown sources.

Make sure your device has security features turned on, such as Google Play Protect, which can help find and block harmful apps. 

Even the National Security Agency (NSA) strongly recommends that you regularly update (or patch) your phone’s software and apps, as these updates often include important security fixes.

Also, be cautious of unexpected calls or messages that ask for personal information or try to lure you in with offers that seem too good to be true. If you suspect that you have malware on your device, remove any suspicious apps immediately and consider running a trusted security app to scan for threats. 

By taking these steps, you can help keep your phone safe from malware.

Source:

  1. SecureList by Kaspersky
  2. Information Security Magazine
Martha A. Lavallie