Man
A new version of the Android malware FakeCall intercepts outgoing calls when a user tries to call the bank. Instead of a credit institution, cybercriminals answer the call.
The authors of FakeCall often refine the Trojan by introducing new functionality. Last year, for example, FakeCall learned to evade security programs.
The goal of the malware remains unchanged: operators need to get to the victim's confidential information and money.
To hook the user, the FakeCall Trojan itself offers to call a credit institution, directly from the malicious application, which disguises itself as banking software in every possible way.
The fake window shows the real phone number of the credit institution, but the victim eventually calls FakeCall operators.
The current version of the malware was analyzed by researchers from Zimperium. FakeCall is installed from the corresponding APK file, after which the malware sets itself up as a voice call handler.
Thus, even if the user tries to call the bank that services their account, the Trojan will redirect the call to the cybercriminals.
In the Zimperium report, you can find the relevant indicators of compromise (IoC). In addition, experts list new commands that the new version of FakeCall has acquired:
* The ability to set up as a call handler;
* Real-time recording of activity on the display of the infected device;
* Taking screenshots;
* Unlocking the smartphone and disabling the auto-lock;
* Ability to pull images and thumbnails from storage.
FakeCall is still under active development.
Source
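A triage check for the call-handler behaviour described above, as an added example that is not part of the original post or the Zimperium report: it scans a decoded `AndroidManifest.xml` for the two components an app must declare before Android will let it take over call handling. It assumes the manifest is already decoded to text XML; the package and component names are constructed. A genuine dialer app declares the same components, so the signal is an app that presents itself as banking software and does so.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample (not from the Zimperium report): decoded manifest of a
# hypothetical app, com.example.bankclient, that presents itself as a bank client.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankclient">
  <application android:label="Example Bank">
    <activity android:name=".DialActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.DIAL"/>
        <data android:scheme="tel"/>
      </intent-filter>
    </activity>
    <service android:name=".CallService" android:exported="true"
        android:permission="android.permission.BIND_INCALL_SERVICE">
      <intent-filter>
        <action android:name="android.telecom.InCallService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def _actions(component):
    """Names of all intent-filter actions declared under a component."""
    return {a.get(ANDROID + "name") for a in component.iter("action")}

def dialer_role_findings(manifest_xml):
    """Return (package, findings) listing components the default-dialer role needs."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for act in root.iter("activity"):
        if "android.intent.action.DIAL" in _actions(act):
            findings.append(("dial-activity", act.get(ANDROID + "name")))
    for svc in root.iter("service"):
        bound = svc.get(ANDROID + "permission") == "android.permission.BIND_INCALL_SERVICE"
        if bound and "android.telecom.InCallService" in _actions(svc):
            findings.append(("incall-service", svc.get(ANDROID + "name")))
    return root.get("package"), findings

def can_become_call_handler(manifest_xml):
    """True when the app declares both pieces, so it can ask to be the call handler."""
    kinds = {kind for kind, _ in dialer_role_findings(manifest_xml)[1]}
    return {"dial-activity", "incall-service"} <= kinds

if __name__ == "__main__":
    pkg, found = dialer_role_findings(SAMPLE_MANIFEST)
    print(pkg, found, can_become_call_handler(SAMPLE_MANIFEST))
```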