New FakeCall Android Malware Redirects Bank Phone Calls To Scammers Invisibly

Another Reason To Avoid Random Android APKs And Dodgy Apps
It can be fun to load and configure an Android APK which didn’t come from the Google Store, or to grab an app that sounds great from somewhere on the web but as we’ve warned before it will likely end in tears. Today it is the announcement of the discovery of a new version of an old enemy called FakeCall. This malware has been around for a while and unfortunately it continues to evolve. The new version is nastier than ever, it takes over the Android dialer and perfectly mimics it, showing trusted contact information and names just like the real dialer and of course it makes calls.
The nasty part is what it does once it owns the dialer, it ensures that any phone call to a bank is invisibly intercepted and redirected to an attacker. Your Android phone will show the bank’s number, including any contact info you might have associated with that number, but in truth you are speaking to a scammer. Since it looks exactly like you’ve called your bank, the person you end up speaking to will have little trouble getting your banking information and can then make your life miserable. It can also simulate clicks and gestures, which is handy if you want to further infect a phone. Bleeping Computer lists the full capabilities of FakeCall in this post.
Of course, even grabbing your apps from the Google Store doesn’t guarantee your safety but it does make it far less likely that the app you install isn’t exactly what it says it is.
In the latest version analyzed by Zimperium, the malicious app sets itself as the default call handler, asking the user to approve this action upon installing the application through an Android APK.
More Tech News From Around The Web
- Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years @ Phoronix
- Hackers steal 15,000 cloud credentials from exposed Git config files @ Bleeping Computer
- Cast a hex on ChatGPT to trick the AI into writing exploit code @ The Register
- GitHub Copilot Moves Beyond OpenAI Models To Support Claude 3.5, Gemini @ Slashdot
- More Than a Quarter of New Code At Google Is Generated By AI @ Slashdot
- Here’s the paper no one read before declaring the demise of modern cryptography @ Ars Technica
- Russian court fines Google $20,000,000,000,000,000,000,000,000,000,000,000 @ The Register
- Aura Smart Sleep Mask Review – Much more than 100% blackout sleep @ TweakTown