Updated Android malware can hijack calls you make to your bank

Remember those TV shows where the villain gets defeated in one season but comes back even stronger in the next? Well, that’s exactly what is happening with a new malware called FakeCalls. This banking trojan focuses on voice phishing, where victims are deceived through fraudulent calls impersonating banks and are asked to share sensitive information.

Earlier versions of FakeCalls prompted users to call the bank from within an app that impersonated the financial institution. However, the latest version has evolved and now sets itself as the default call handler on Android devices. This means that the malware can intercept and manipulate both outgoing and incoming calls, showing a fake call interface that looks just like the real Android dialer.

When a compromised individual attempts to contact their financial institution, the malware redirects the call to a fraudulent number controlled by the attacker. The fake UI displayed by the malware mimics the actual banking experience, making it difficult for victims to realize what’s happening. This level of deception allows the attacker to extract sensitive information or gain unauthorized access to the victim’s financial accounts.

In addition to hijacking calls, FakeCalls can also steal data by gaining access to Android’s Accessibility permissions. The malware developer has added new commands that allow the malware to livestream the device’s screen, take screenshots, unlock the device, and access and upload photos from storage.

To protect yourself from FakeCalls malware, it is important to have strong antivirus software installed on your device. Download apps only from reliable sources like the Google Play Store, review app permissions before installation, and regularly update your device’s operating system and apps. Monitor your financial activity regularly and limit sensitive transactions on your mobile device.

Hackers are constantly upgrading their tactics, and it’s essential for Android phone manufacturers and Google to enhance security measures to prevent users from getting hacked. If you have any tech questions or stories you’d like us to cover, feel free to get in touch with us at Cyberguy.com/Contact. Stay safe online and protect your personal information from cyber threats.