Banking Trojan Redirects Calls to Hackers
Dark web hackers have found a very creative way to steal from bank accounts. Cyber research analysts have disclosed information about a banking trojan for Android known as Fakecalls. What’s unique about this new app is that it has a function that allows it to hijack calls to a bank’s customer service line, and link the victim directly with the criminal hackers behind the malware.
Fakecalls, disguised as a mobile app has the ability to create duplicate themes of well-known banks; it can potentially copy all the intricate details of the financial services that it impersonates, including the official logo and customer service number.
When the victim attempts to call the bank, the virus disconnects the connection and displays a call screen that is eerily identical to the actual bank’s website page. And while the victim sees the bank’s genuine phone number on the screen, the phone line is actually connected to the dark web hackers, who pretend to be the bank’s customer service representatives and get info that allows them to access their victims’ accounts.
Fakecalls mobile banking malware may achieve this since it demands several permissions during installation, including access to the microphone, contact list, call-handling, camera, and even the location of its victim.
Malicious Trojan Targets Global Banks
The virus first appeared last year in 2021, and has been detected mostly in South Korea, targeting including clients the Kookmin Bank (KB), according to security analysts at Kaspersky cyber security firm.
Kaspersky researchers say that the malware can also spoof incoming calls, allowing cyber criminals to contact victims as if they were the bank’s customer support service. Additionally, the permissions the malware requests upon installation allow the cyber hackers to spy on the victim by broadcasting in real-time audio and video from the device, see its location, copy saved passwords, and files containing photos and videos, and even the victims’ text messages history.
However, for now, Fakecalls only supports the Korean language, making it easier to identify if the infected device runs a different system language. But financial institutions and their clients have been warned that the dark web hackers that create the malicious Trojan could easily add more languages such as English, French and Spanish to expand their scam by targeting a much wider geo-location.
To prevent becoming a victim of such malware, Kaspersky recommends downloading applications only from authorized stores and paying close attention to potentially harmful permissions. The researchers warned that Apps that request access to calls, and messages, especially if the original bank program does not require them, should be avoided and removed if downloaded.
Above all, online users and bank clients should never divulge sensitive information over the phone. Especially, details that are highly confidential like confirmation codes, PIN numbers, or login credentials.