The scam designed to intercept customer support calls and steal banking information using fake Android apps is back and more effective than ever.
Discovered nearly a year ago, the malware known as FakeCalls has returned, and researchers at cybersecurity firm Check Point have indicated that it now employs further evasion techniques.
According to the report, the Trojan can “disguise itself as one of more than 20 financial applications” to impersonate phone calls in a scam known as voice phishing.
Voice phishing malware
The malware appears to be specifically targeting South Korea, a country that according to a government report lost about $600 million in 2020 due to voice phishing attacks alone.
Not only did the cybersecurity researchers discover more than 2,500 samples of the malware, but the “unique” evasion techniques it used had not previously been seen in the wild, suggesting that a more advanced form of malware has emerged that could remain undetected for extended periods of time.
The attack is fairly simple: once FakeCalls is illegally installed on a victim’s Android device, the malware operators’ phone number is masked with a real bank number to gain trust. The operators then ask victims to confirm payment details, exposing them to all kinds of risks, including identity theft.
Another report, from Kaspersky, identified the most notable types of attacks in 2022. FakeCalls was found to be the second most common mobile banking trojan last year, accounting for 8.27% of all installs, although it is well behind Bray at 66.40%.
The same report named China as the country whose citizens were proportionally attacked by mobile malware the most, with South Korea falling short of the top 10.