New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls
By Ravie Lakshmanan, The Hacker News
Nov 4, 2024
Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information.
“FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming and outgoing calls,” Zimperium researcher Fernando Ortega said in a report published last week.
“Victims are tricked into calling fraudulent phone numbers controlled by the attacker and mimicking the normal user experience on the device.”
FakeCall, also tracked under the names FakeCalls and Letscall, has been the subject of multiple analyses by Kaspersky, Check Point, and ThreatFabric since its emergence in April 2022. Previous attack waves have primarily targeted mobile users in South Korea.
The names of the malicious package names, i.e., dropper apps, bearing the malware are listed below –
- com.qaz123789.serviceone
- com.sbbqcfnvd.skgkkvba
- com.securegroup.assistant
- com.seplatmsm.skfplzbh
- eugmx.xjrhry.eroreqxo
- gqcvctl.msthh.swxgkyv
- ouyudz.wqrecg.blxal
- plnfexcq.fehlwuggm.kyxvb
- xkeqoi.iochvm.vmyab
Like other Android banking malware families that are known to abuse accessibility services APIs to seize control of the devices and perform malicious actions, FakeCall uses it to capture information displayed on the screen and grant itself additional permissions as required.
Some of the other espionage features include capturing a wide range of information, such as SMS messages, contact lists, locations, and installed apps, taking pictures, recording a live stream from both the rear- and front-facing cameras, adding and deleting contacts, grabbing audio snippets, uploading images, and imitating a video stream of all the actions on the device using the MediaProjection API.
This article first appeared at The Hacker News on Nov 4, 2024.
No Comments