Mar 17, 2023 – Mobile Security / Scam Alert: A new Android malware campaign known as FakeCalls is targeting South Korean users by disguising itself as popular financial apps. FakeCalls has the functionality to extract private data from the victim’s device and can imitate phone conversations with a bank customer support agent. It has also been observed that the malware requests for intrusive permissions to harvest sensitive data, including audio and video streams, from the compromised device. The ultimate goal of the campaign is to get the victim’s credit card information. The malware has also implemented various techniques to stay under the radar.
Cybersecurity experts have warned that FakeCalls can be repurposed to target other regions across the world. It joins the likes of Nexus and GoatRAT, two Android banking trojans that can harvest valuable data and carry out financial fraud. In 2022, Kaspersky detected 196,476 new mobile banking trojans and 10,543 new mobile ransomware trojans with China, Syria, Iran, Yemen, and Iraq emerging as the top countries attacked by mobile malware, including adware.
It is essential for businesses and individuals to be aware of the risks associated with third-party app access to their SaaS apps and to minimize the risk by monitoring permissions granted to them. Cybersecurity companies have also advised users to avoid installing apps from unknown sources and use a reliable security solution to protect their devices.
Key Points:
• FakeCalls is an Android voice phishing (aka vishing) malware campaign targeting South Korean users.
• The malware has the capability to extract private data and imitate phone conversations with a bank customer support agent.
• It requests for intrusive permissions to harvest sensitive data from the compromised device.
• Cybersecurity experts have warned that the same tactics can be repurposed to target other regions across the world.
• Businesses and individuals should be aware of the risks associated with third-party app access and take steps to minimize the risk.
