Kaspersky researchers discovered a Fakecalls banking Trojan in January 2021. During the investigation, they found that when the victim called the bank's hotline, the Trojan opened its own fake call screen instead of placing the real call to the bank. There are two possible scenarios after a call is intercepted. In the first, Fakecalls connects the victim directly to cybercriminals who present themselves as the bank's customer support. In the other, the Trojan plays a pre-recorded voice that mimics a standard greeting from a bank and uses automated voicemail to mimic a standard conversation.
The Trojan can play short voice snippets in Korean. For example: "Hello. Thank you for calling the bank. Our call center is currently receiving an unusually large number of calls. The consultant will talk to you as soon as possible." This allows the cybercriminals to earn the victim's trust by making them believe the call is genuine. The main purpose of such a call is to extract as much sensitive information as possible from the victim, such as bank account details.
A fake call screen opened by a Trojan horse after a victim tries to call a real bank
However, the cybercriminals using this Trojan did not take into account that some potential victims may use a different interface language, such as English instead of Korean. The fake call screen exists only in Korean, which means that users with an English interface will smell a rat and spot the threat.
Once downloaded, the Fakecalls app, disguised as a real banking app, requests a range of permissions, including access to contacts, the microphone, the camera, geolocation, call handling, and more. These permissions allow the Trojan to drop an incoming call and remove it from the device's call history, for example, when the real bank is trying to reach the client. The Fakecalls Trojan can not only control incoming calls, but can also disguise outgoing calls. If a cybercriminal wants to contact the victim, the Trojan displays its own call screen on top of the system call screen. As a result, the user sees the bank's support service phone number, as shown by the Trojan, instead of the actual number used by the cybercriminal.
Fakecalls perfectly mimics the mobile app of a well-known Korean bank, as scammers are trying to convince victims that the app is genuine. They insert the actual bank logo and display the actual support number of the bank as it appears on the main page of the official website.
This Trojan imitates the most popular Korean banking app
“Bank customers are always told to be careful about calls from fraudsters, but if you’re trying to contact the bank’s customer support directly, you don’t anticipate any danger. Generally speaking, we trust bank employees. We ask them for help. Therefore, we may convey the requested information to them or their impersonators. The cybercriminals who created Fakecalls combine two dangerous technologies: banking Trojans and social engineering, making victims more likely to lose money and personal data when downloading a new mobile banking app. Consider the required permissions. If you’re trying to access suspiciously excessive device controls, such as call processing access, it’s likely that your app is a banking Trojan,” Kaspersky security researcher Igor Golovin commented.
Read the complete report on Fakecalls Trojan on Kaspersky Daily.
To prevent money and personal data from falling into the hands of scammers, Kaspersky recommends:
- Download apps only from official stores. Do not allow installations from unknown sources. Official stores check all programs, and if malware does get in, it is usually removed immediately.
- Pay attention to the permissions an app requests and whether it really needs them. Don’t be afraid to deny permissions, especially potentially dangerous ones such as access to calls, text messages, accessibility, etc.
- Do not provide sensitive information over the phone. Real bank employees do not request online banking login credentials, PINs, card security codes, or verification codes from text messages. If in doubt, visit the bank’s official website to find out what employees can and cannot ask.
- Install a reliable security solution that protects all your devices from banking Trojans and other malware.
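The permission check recommended above can be automated when vetting an app before installation. The following is an added example, not code from Kaspersky or from the report: it reads a manifest already decoded to text and flags the combination the article describes, call handling together with screen overlay or broad personal-data access. The mapping of the article's categories to Android permission names, the risk thresholds, and the sample manifests are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping of the article's permission categories to Android names.
CALL_CONTROL = {P + n for n in ("PROCESS_OUTGOING_CALLS", "ANSWER_PHONE_CALLS",
                                "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG")}
OVERLAY = {P + "SYSTEM_ALERT_WINDOW"}  # drawing over other apps' screens
PERSONAL = {P + n for n in ("READ_CONTACTS", "RECORD_AUDIO", "CAMERA",
                            "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION")}

def manifest(package, names):
    """Build a constructed text manifest for the demo inputs below."""
    rows = "".join(f'<uses-permission android:name="{P}{n}"/>' for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{rows}</manifest>')

# Constructed samples, not taken from any real app.
FAKE_BANK = manifest("com.example.bank", [
    "INTERNET", "READ_CONTACTS", "RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION",
    "PROCESS_OUTGOING_CALLS", "WRITE_CALL_LOG", "SYSTEM_ALERT_WINDOW"])
DIALER_HELPER = manifest("com.example.dialer", ["CALL_PHONE"])
FLASHLIGHT = manifest("com.example.torch", ["CAMERA"])

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a text manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml):
    """Classify a manifest as low / review / high (assumed thresholds)."""
    perms = requested_permissions(manifest_xml)
    found = {"call_control": sorted(perms & CALL_CONTROL),
             "overlay": sorted(perms & OVERLAY),
             "personal_data": sorted(perms & PERSONAL)}
    if not found["call_control"]:
        risk = "low"
    elif found["overlay"] or len(found["personal_data"]) >= 3:
        risk = "high"      # call handling plus overlay or broad data access
    else:
        risk = "review"    # call handling alone still deserves a second look
    return risk, found

if __name__ == "__main__":
    for label, xml in (("bank", FAKE_BANK), ("dialer", DIALER_HELPER), ("torch", FLASHLIGHT)):
        print(label, *audit(xml))
```

A result of "high" or "review" is a prompt to check whether the app's stated purpose justifies call access, not proof that it is malicious.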
http://www.eyeofriyadh.com/news/details/hello-it-s-me-fakecalls-trojan-imitates-phone-conversations-with-bank-employees “Hello, that’s me”: Fakecalls Trojan mimics a telephone conversation with a bank employee