Alert: This Android Malware Might Be Hijacking Your Bank Calls and Connecting You to Scammers

A dangerous Android malware known as “FakeCall” is potentially redirecting bank-related phone calls to cybercriminals. Originally detected by Kaspersky in 2022, FakeCall has since evolved, gaining sophisticated features that allow hackers to remotely manipulate infected devices. The latest version of FakeCall employs a technique called “Vishing”—short for voice phishing—to trick users into unknowingly sharing confidential information.

Cybersecurity experts from Zimperium recently shed light on FakeCall’s capabilities. Through vishing, the malware lets attackers initiate fraudulent calls or voice messages that lure victims into disclosing sensitive information like credit card details, login credentials, and other banking information. The malware typically infects devices when users download and install malicious APK files from unofficial sources. Once FakeCall is installed, it requests to be set as the default dialer app, giving it the necessary permissions to take control of outgoing and incoming calls.

After gaining these permissions, FakeCall leverages Android’s Accessibility services, a feature often abused by malicious apps, to monitor calls and actions on the device. If the user tries to contact their bank, the malware intercepts the call and redirects it to scammers. These imposters then attempt to extract valuable information, such as one-time passwords (OTPs) or account credentials, under the guise of legitimate customer service agents. This allows them to gain unauthorized access to the victim’s bank account and potentially steal funds.

FakeCall’s sophisticated design makes it exceptionally challenging to detect. It mimics the authentic Android call interface, displaying what appears to be the actual bank’s phone number, thus lulling users into a false sense of security. This fake interface is almost identical to the standard Android dialer UI, making it hard for victims to realize they’re not speaking to their actual bank representatives.

Additionally, FakeCall is designed with powerful capabilities beyond simple call interception. It can record the screen, capture screenshots, unlock the device, and even disable the auto-lock feature, further enhancing its control over infected phones. This gives attackers broader access to private data and the ability to manipulate the device without the user’s knowledge.

Alarmingly, FakeCall has been spreading through websites that masquerade as the Google Play Store, tricking users into downloading infected files. Zimperium’s researchers have identified 13 apps being used to propagate FakeCall, though they have not yet publicly named these applications. This distribution method, coupled with the app’s resemblance to legitimate dialer apps, makes FakeCall a stealthy and highly effective tool for cybercriminals.

To guard against FakeCall and similar threats, users are advised to avoid downloading apps from unofficial sources, as these often lack the security screening found in the Google Play Store. Experts also recommend restarting your phone regularly and using trusted antivirus software to scan for potential threats. Being cautious with app permissions and regularly monitoring device settings can also help minimize the risk of falling victim to mobile trojans like FakeCall.
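
A defender-side check for the device state the article describes: an app from an unofficial source that holds the default dialer role or has an Accessibility service enabled. This is an added example, not code from Zimperium or the original post; the sample package names are constructed, and the trusted-installer and expected-dialer lists are assumptions to adjust for your own devices.

```python
# Added example: flag the device state FakeCall depends on. Inputs are the text
# output of three adb commands, run against a device you administer:
#   adb shell telecom get-default-dialer
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i -3
# Assumption: only Google Play and the stock dialers listed below are trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
EXPECTED_DIALERS = {"com.google.android.dialer", "com.android.dialer"}


def parse_installers(pm_output):
    """Map third-party package name -> installer (None if sideloaded)."""
    installers = {}
    for line in pm_output.splitlines():
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        installer = rest.strip()
        installers[name.strip()] = None if installer in ("", "null") else installer
    return installers


def audit(dialer_output, a11y_output, pm_output):
    """Return findings as (severity, package, reason) tuples."""
    installers = parse_installers(pm_output)
    sideloaded = {p for p, i in installers.items() if i not in TRUSTED_INSTALLERS}
    findings = []
    dialer = dialer_output.strip()
    if dialer and dialer not in EXPECTED_DIALERS:
        sev = "HIGH" if dialer in sideloaded else "REVIEW"
        findings.append((sev, dialer, "holds the default dialer role"))
    # The setting is a colon-separated list of package/ServiceClass components.
    a11y = a11y_output.strip()
    for component in ([] if a11y in ("", "null") else a11y.split(":")):
        pkg = component.split("/", 1)[0]
        if pkg in sideloaded:
            findings.append(("HIGH", pkg, "sideloaded app with accessibility service enabled"))
    return findings


# Constructed sample output (not taken from a real infected device).
SAMPLE_DIALER = "com.example.secure.dialer\n"
SAMPLE_A11Y = "com.google.android.marvin.talkback/.TalkBackService:com.example.secure.dialer/.CallWatcher\n"
SAMPLE_PM = ("package:com.example.secure.dialer  installer=null\n"
             "package:com.example.notes  installer=com.android.vending\n")

if __name__ == "__main__":
    for severity, package, reason in audit(SAMPLE_DIALER, SAMPLE_A11Y, SAMPLE_PM):
        print(f"[{severity}] {package}: {reason}")
```

A `REVIEW` finding means a Play-installed or preinstalled app outside the expected list holds the dialer role, which is common on vendor builds and only needs confirming.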


Control F5 Team
Blog Editor