New Strain of FakeBank Malware Can Intercept Calls, Connect Users with Scammers

Earlier this year in January, a new strain of Android malware called FakeBank was discovered which was capable of intercepting SMS sent by cyberbanking institutions in order to snoop on OTP messages and steal funds from users' account by exploiting mobile banking security practices.

The malware likewise spied on users and collected data similar telephone number, the business relationship residuum of a linked credit card, location information and the details of banking apps installed on a user'southward smartphone. Now, a new variant of FakeBank malware has been discovered, which is capable of intercepting calls and connecting users with fraudsters posing as a depository financial institution representative.

Spotted by Symantec's cybersecurity team, the new variant of FakeBank malware tin can intercept both incoming and approachable calls and redirects information technology to a dissimilar number used past the scammers.

banking malware UI — Malware UI spoofing a legitimate depository financial institution app (Paradigm Courtesy: Symantec)

Every bit per Symantec'south report, the updated FakeBank malware has been spread by social media sites and third-party Android app marketplaces, and so far, 22 apps take been found to exist infected with the malware. However, the malware has merely been known to target Korean banking institutions and its activity has reportedly been limited to Republic of korea and then far.

After beingness downloaded, the infected app collects the banking company's legitimate phone number and configures the scammer's contact data in the malware's configuration files. Once users call their depository financial institution, the malware intercepts the approachable telephone call and redirects information technology to the scammer's phone number. In order to avert suspicion, the malware overlays a fake UI that mimics the bank's real contact number and caller ID.

Incoming calls are intercepted too, and to simplify the scammer's chore of deception, the fake caller ID overlay is used over again to make the users believe that they have got a call from a bank employee. The new variant of FakeBank malware mostly affects devices that run Android five.0, however, smartphones running Android 6.0 and Android vii.0 are also susceptible to the attack. Only devices that kick Android 8.0 Oreo are impervious to the attack, every bit Android Oreo does non allow an app to overlay a system window.