Updated Android malware can hijack calls you make to your bank

Do you remember those TV shows where the villain gets defeated in one season but comes back even stronger in the next? Think "Stranger Things" on Netflix. The malware we're talking about here is just like that. It's called FakeCalls, and every time researchers figure out how it infects devices, it evolves with new ways to hide. 

Earlier this year, it was reported to be impersonating large financial institutions, and now security researchers have discovered that the malware has gone through another upgrade. It can even hijack the calls you make to your bank using your Android phone.

The default call handler app manages incoming and outgoing calls, allowing users to answer, reject or initiate calls. Giving these permissions to a malicious app, as you can imagine, carries serious risks.

When a user gives the app permission to set itself as the default call handler, the malware gets the green light to intercept and mess with both outgoing and incoming calls. It even shows a fake call interface that looks just like the real Android dialer, complete with trusted contact info and names. This level of deception makes it really tough for victims to see what's happening.

"When the compromised individual attempts to contact their financial institution, the malware redirects the call to a fraudulent number controlled by the attacker," explains the new Zimperium report. "The malicious app will deceive the user, displaying a convincing fake UI that appears to be the legitimate Android's call interface showing the real bank's phone number."

"The victim will be unaware of the manipulation, as the malware's fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorized access to the victim's financial accounts," the report added.

This malware not only hijacks your calls but can also steal your data. It gets access to Android's Accessibility permissions, which basically gives it free rein to do whatever it wants. The developer of the malware has also added several new commands, including the ability to start livestreaming the device's screen, take screenshots, unlock the device if it's locked and temporarily turn off auto-lock. It can also use accessibility features to mimic pressing the home button, delete images specified by the command server, and access, compress and upload photos and thumbnails from storage, especially from the DCIM folder.

2) Download apps from reliable sources: It's important to download apps only from trusted sources, like the Google Play Store. The FakeCalls malware infects your phone when you download an app from an unknown link. As an Android user, you should only download apps from the Play Store, which has strict checks to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores, as they pose a higher risk to your personal data and device. Also, never trust download links that you receive through SMS.

3) Be cautious with app permissions: Always review the permissions requested by apps before installation. If an app requests access to features that seem unnecessary for its function, it could be a sign of malicious intent. Do not give any app Accessibility permissions unless you really need to. Avoid granting permissions that could compromise your personal data.

5) Monitor financial activity regularly: Check your bank and credit card statements often for unauthorized transactions. Set up alerts for any account activity, which can notify you immediately if suspicious activity occurs.

Hackers are constantly upgrading their tactics and finding clever ways to hack your devices and scam you out of your hard-earned money. I really think Android phone manufacturers and Google need to step up their game on security to help keep users from getting hacked so often. I don't see the same level of malware affecting iPhones.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.