The scam designed to intercept customer support calls and steal banking data using fake Android apps has returned, and it’s more effective than ever.
Initially discovered almost a year ago, the malware known as FakeCalls has returned and researchers from cybersecurity firm Check Point (opens in new tab) have indicated that it has employed further evasion techniques.
According to its report, the Trojan can “masquerade as one of more than 20 financial applications” to imitate phone calls in a scam known as voice phishing.
Voice phishing malware
The malware appears to be targeting South Korea specifically, a country that according to a government report (opens in new tab) lost around $600 million in 2020 due to voice phishing attacks alone.
Not only had the cybersecurity researchers discovered over 2,500 samples of the malware, but the “unique” evasion techniques it used had “not previously [been] seen in the wild,” suggesting that a more advanced strain of malware has emerged and could remain undercover for longer periods of time.
The attack is reasonably simple: once FakeCalls is illegitimately installed on a victim’s Android device, the malware operators’ phone number is masked by a genuine bank number to gain trust before victims are asked to confirm payment details and subsequently expose themselves to all manner of risks including identity theft.
Another report by Kaspersky (opens in new tab) uncovered the types of attacks that were most notable of 2022. FakeCalls was found to have been the second most common mobile banking Trojan of last year representing 8.27% of all installs, though it trails far behind Bray in first place at 66.40%.
The same report highlighted China as the country whose citizens were proportionally attacked the highest with mobile malware, with South Korea failing to make it into the top 10.