Android, FakeCalls malware returns: bank accounts in danger
March 19, 2023
|The day March 17, 2023, is a restless day for Android users: after the alarm for the Hook malware , spread on the Play Store through a long series of applications, the Check Point Research siren is sounding following the identification of a new FakeCalls malware offensive . Also in this case the targets are mobile devices with the Google home operating system, in a return of the virus after about a year of absence from the radar of the experts
The return of FakeCalls on Android
|The malware in question is back in circulation with updated versions to avoid the latest generation of antivirus and Google's protection systems. Check Point's report includes the analysis of more than 2,500 examples of applications and services infected by FakeCalls, especially apps related to banking institutions and financial organizations, all of which have never-before-seen solutions to evade anti-malware checks .
How does the infection happen?
|The first step of the attack is to install malware on the victim's device, which could be through phishing, black SEO or advertising for infected websites. In most cases, these are seemingly legitimate applications from supposedly reputable vendors; in reality, these are infected copies offered via clones of official websites.
|The next steps make everything more complex to identify: the app tends to offer the target a low-interest rate loan on behalf of the bank, proposing its approval through a voice recording of real customer support, shared by calling the bank's number. However, in reality the malware disguises the called contact (a phone belonging to the attackers) with the authentic numbers of the impersonated bank.
|The target? Getting the victim to confirm their credit card information so that the bad guys can steal the money from the account.
The spread of malware
|This specific virus is currently only active in South Korea; nevertheless, Check Point experts warn that operations could soon expand to other parts of the world. Looking at the countries targeted by other banking malware
|Source: Check Point Research