Android malware

A new variant of the FakeBank Android malware includes the ability to intercept phone calls victims are making to their banks, and redirecting users to scammers.

FakeBank is a banking trojan that operates by showing fake login screens on top of a legitimate banking app. Historically, this malware has been one of the most creative Android threats on the market.

In the past, the malware whitelisted its process to remain active while the user's phone went into sleep mode; and also used TeamViewer to grant attackers full access to an infected device.

FakeBank can intercept phone calls

Such tactics were both innovative at the time, but this new FakeBank version is something unique on its own. Security experts say the malware still acts like a regular banking trojan, but with a twist.

Whenever the user attempts to call his bank's number, FakeBank intercepts the call and switches the dialed number to one preconfigured in its configuration file, leading users to scammers that collect their banking information.

Similarly, FakeBank operators can call victims from a special number —also included in the malware's configuration file— that the malware will display on the user's phone as coming from his bank. This allows crooks to carry out scams without the victim suspecting any wrongdoing.

FakeBank active in South Korea only

This new FakeBank variant is currently active only in South Korea, Symantec researchers said today in a report. Experts found the FakeBank banking trojan inside 22 Android apps distributed via third-party app stores and via links shared on social media sites.

This, once again, shows that the weakest chain in the Android ecosystem is the app installation process, to which users must pay special attention to what apps are they installing, from where, what permissions are they giving these apps, and if these permissions are justified based on the app's features.

An optimal scenario would be if users would limit to installing apps from the official Google Play Store, where they go through a basic malware scanning process.

Earlier this week, Google released its annual Android Security Report, revealing that it continually scans over 50 billion apps per day in search for malicious apps.

According to Google, "in 2017, downloading a [potentially harmful application] from Google Play was less likely than the odds of an asteroid hitting the earth."

Related Articles:

Exobot Author Calls It Quits and Sells Off Banking Trojan Source Code

New Exo Android Trojan Sold on Hacking Forums, Dark Web

New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

Hamas Lures Israeli Soldiers to Malware Disguised in World Cup and Dating Apps

MnuBot Banking Trojan Tries to Hide Behind Seemingly Innocent MSSQL Traffic