Watch out for FakeCall: how the Trojan intercepts calls to the bank


The alarm is sounding again over FakeCall, the much-feared Trojan capable of intercepting phone calls that unsuspecting users make to their bank and connecting them to cybercriminals instead. Convinced that they are speaking to an employee of the credit institution, the customer is encouraged to share confidential information and data, opening the doors of their current account to hackers.

A first version of the malware was identified by Kaspersky in 2022, and since then updated and increasingly insidious versions have spread, such as the one reported in 2023 by Check Point. Initially the Trojan, which infected devices via APK files from third-party sites, encouraged victims to contact their bank from within an app, simulating the dialing of the credit institution’s real telephone number. At that point the customer was connected to a scammer rather than to an employee, as they believed.

Zimperium experts have recently identified a new, even more insidious version of FakeCall that can directly replace the call manager. With this step, cybercriminals obtain authorization to intercept and divert both outgoing and incoming phone calls.

Unlike previous versions, the malware comes into action only when the user contacts their credit institution by telephone, replacing the system dialer and diverting the call to a device in the fraudster's hands. The latter, posing as a bank employee, then has the opportunity to steal the information needed to empty the victim’s account.

What is worrying is not only that the Trojan's code has been considerably obfuscated, but above all that it includes new functions and attack mechanisms that are still to be perfected: among these, one for Bluetooth reception, which for now only monitors the connection, and one for monitoring the screen, which can tell whether it is on or off. Furthermore, FakeCall opens a communication channel with the command and control (C2) server, allowing the cybercriminal to carry out numerous operations on the victim’s smartphone, such as obtaining the GPS location, modifying contacts, deleting apps, or recording audio and video with the camera and microphone.

The only way to protect yourself is to download banking apps only and exclusively from the Google Play Store: although, as happened recently, it is possible to come across dangerous APK files there too, this is a much rarer event. To further protect yourself, it is also advisable to activate Play Protect, which is able to identify and block infected apps.
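A defensive check tied to the two behaviours described above (replacement of the default dialer and installation from outside the Play Store), added here as an example and not taken from Kaspersky, Check Point or Zimperium. It parses text as returned by `adb shell telecom get-default-dialer` and `adb shell pm list packages -i`; the `com.example.*` package names, the expected-dialer list and the sample output are constructed assumptions.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package of the Google Play Store
# Assumption: dialers expected on the audited devices; adjust per vendor.
EXPECTED_DIALERS = {"com.google.android.dialer", "com.android.dialer"}

# Constructed sample output (not captured from a real device).
SAMPLE_DEFAULT_DIALER = "com.example.securecall\n"
SAMPLE_PACKAGES = """\
package:com.google.android.dialer  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.example.securecall  installer=null
"""


def parse_installers(pm_output):
    """Map package name -> installer (None if unknown) from `pm list packages -i`."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers


def audit_default_dialer(dialer_output, pm_output, expected=EXPECTED_DIALERS):
    """Return findings about the app currently holding the default dialer role."""
    dialer = dialer_output.strip()
    if not dialer:
        return ["no default dialer reported"]
    # Preinstalled dialers report no installer, so the install-source check
    # is applied only to a dialer that is not on the expected list.
    if dialer in expected:
        return []
    findings = [f"unexpected default dialer: {dialer}"]
    installers = parse_installers(pm_output)
    if dialer not in installers:
        findings.append(f"{dialer}: not in package list")
    elif installers[dialer] != PLAY_STORE:
        source = installers[dialer] or "unknown (sideloaded)"
        findings.append(f"{dialer}: installed by {source}, not the Play Store")
    return findings


if __name__ == "__main__":
    for finding in audit_default_dialer(SAMPLE_DEFAULT_DIALER, SAMPLE_PACKAGES):
        print("FINDING:", finding)
```

A finding is a prompt to inspect the app and its permissions, since a legitimately chosen third-party dialer from the Play Store is also reported as unexpected.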