A relatively new Android Trojan is capable of intercepting and redirecting victims’ calls to customer service.
Android Trojan intercepts customer service calls
A fairly new banking Trojan for Android is currently in circulation. It can hijack victims’ calls to their bank’s customer service number and connect them directly to the cybercriminals, as BleepingComputer also reports.
Security researchers have given the new Android Trojan the fitting name “Fakecalls”. It disguises itself as the mobile app of a popular bank, complete with the official logo and customer service number. When a victim tries to call the bank, the Trojan silently cuts the connection and forwards the call to the cybercriminals. The customer is not aware of this and continues to see the bank’s official number on the phone screen during the call.
The cybercriminals then pose as the bank’s customer advisor and request details that, in the worst case, allow access to the victims’ accounts.
Complete victim control
When it is installed, the “Fakecalls” mobile banking Trojan requests several permissions, including access to the contact list, microphone, camera, geolocation and call handling, according to Kaspersky security researchers. This lets the criminals spy on victims via location, contacts, camera and audio.
“These permissions not only allow the malware to spy on the user, but also to control the device to a certain extent by giving the Trojan the ability to cancel incoming calls and delete them from the history. This allows the scammers, among other things, to block real calls and hide them from banks.”
According to Kaspersky security researchers, the malware can also spoof incoming calls, allowing cybercriminals to contact victims as if they were bank customer service.
So far only victims from South Korea have been affected
The malware emerged last year and has been observed targeting users in South Korea who are customers of well-known banks such as KakaoBank or Kookmin Bank (KB). So far there have not been any cases outside of South Korea, although extending the scheme to other banks worldwide would probably not be a major hurdle.
Among other things, it is good practice to only download apps from official stores and to be aware of potentially dangerous permissions that an app requests, especially if the app does not need them. Also, you should not share sensitive information such as login details, PIN, card security code, or verification codes over the phone.
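The permission check recommended above can be partly automated before an APK is installed. The following is an added example, not code from the original article or from Kaspersky: it scans a decoded AndroidManifest.xml (or `aapt dump permissions` output) and flags call handling combined with the other categories the article lists. The mapping from categories to permission constants, the threshold and the sample manifests are assumptions.

```python
import re

# Assumed mapping: the article names permission categories, not constants.
CATEGORIES = {
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "call handling": {"CALL_PHONE", "ANSWER_PHONE_CALLS", "READ_CALL_LOG",
                      "WRITE_CALL_LOG", "PROCESS_OUTGOING_CALLS"},
}
PERM_RE = re.compile(r"android\.permission\.([A-Z_]+)")

def requested_categories(manifest_text):
    """Map each sensitive category to the matching permissions requested."""
    perms = set(PERM_RE.findall(manifest_text))
    return {cat: sorted(perms & names)
            for cat, names in CATEGORIES.items() if perms & names}

def review(manifest_text, min_other=2):
    """Flag call handling combined with >= min_other spying-capable categories.

    The threshold is an assumed heuristic; legitimate dialer apps can trip it,
    so a flag means "check whether the app needs this", not "malware".
    """
    hits = requested_categories(manifest_text)
    others = [c for c in hits if c != "call handling"]
    return ("call handling" in hits and len(others) >= min_other), hits

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest package="com.example.bank.lookalike">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
</manifest>"""
BENIGN = """<manifest package="com.example.scanner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT), ("benign", BENIGN)):
        flagged, hits = review(text)
        print(name, "FLAG" if flagged else "ok", hits)
```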