Remember those TV shows where the villains are defeated one season, only to come back even stronger the next? Think Netflix’s Stranger Things. That’s the kind of malware we’re talking about here. It’s called FakeCalls, and it evolves with new hidden methods as researchers figure out how it infects devices.
Earlier this year, the malware was reported to be impersonating major financial institutions, but now security researchers have discovered that the malware has been further upgraded. Calls made to banks using Android smartphones can also be hijacked.
Enter Cyberguy’s $500 Holiday Gift Card Sweepstakes
Man surfing with Android smartphone (Kurt “Cyber Guy” Knutson)
What you need to know
FakeCalls is a banking Trojan that focuses on voice phishing, where victims are tricked into sharing sensitive information with fraudulent calls impersonating their bank. Previous versions accomplished this by prompting users to call their bank from within an app that impersonated a financial institution. peepee computer. However, in the latest version, Zimperiumsets itself as the default call handler.
The default call handler app manages incoming and outgoing calls and allows users to answer, decline, and initiate calls. As you can imagine, granting these permissions to malicious apps comes with significant risks.
When a user gives the app permission to set itself as the default call handler, the malware gains permission to intercept and intercept both outgoing and incoming calls. A fake calling interface that looks just like the real Android dialer is also displayed, displaying trusted contact information and names. This level of deception makes it extremely difficult for victims to understand what is going on.
“When an infected individual attempts to contact a financial institution, the malware redirects the call to a fraudulent number controlled by the attacker,” Zimperium’s new report explains. “The malicious app tricks users into displaying a fake UI that looks like a legitimate Android calling interface that displays a real bank phone number.”
“The malware’s fake UI mimics a real banking experience, so the victim is unaware of the operation and could allow the attacker to extract sensitive information or gain unauthorized access to the victim’s financial accounts. “There are,” the report added.
Android home screen (Kurt “Cyber Guy” Knutson)
Android banking Trojan evolves to evade detection and attack globally
Malware can also steal data
This malware can not only hijack calls but also steal data. You have access to Android’s accessibility permissions, which basically gives you the freedom to do whatever you want. The malware’s developers also added some new commands, including the ability to start live streaming the device screen, take a screenshot, unlock the device if it is locked, and temporarily turn off auto-lock. I did. You can also use accessibility features to mimic pressing the home button, delete images specified by the command server, access photos and thumbnails from your storage, especially the DCIM folder, compress and upload them. You can also.
android mobile phone (Kurt “Cyber Guy” Knutson)
Android banking Trojan impersonates Google Play to steal data
6 ways to protect yourself from FakeCalls malware
1) Use strong antivirus software: Android has its own built-in malware protection called Play Protect, but the FakeCalls malware proves that it’s not enough. Historically, Play Protect has not been 100% foolproof in removing all known malware from Android smartphones. Also, do not click on any suspicious links in messages or emails. The best way to protect yourself from clicking on malicious links that install malware that can access your personal information is to install antivirus protection on all your devices. This also results in a warning like this: phishing email or Ransomware scam.
2) Download apps from trusted sources. It’s important to only download apps from trusted sources, such as the Google Play Store. FakeCalls malware infects your phone when you download an app from an unknown link. Android users should only download apps from the Play Store, which undergoes strict checks to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores as this increases the risk to your personal data and device. Also, never trust download links received via SMS.
3) Be careful with app permissions. Always check the permissions requested by the app before installing. If an app requests access to features that you think aren’t necessary for its functionality, that could be a sign of malicious intent. Don’t give apps accessibility permissions unless you really need them. Avoid granting permissions that could compromise personal data.
4) Update your device’s operating system and apps regularly. Store the software to date This is very important because updates often include security patches for newly discovered vulnerabilities that can be exploited by malware such as FakeCalls.
5) Regularly monitor financial activities. Check your bank and credit card statements frequently for fraudulent transactions. Set up account activity alerts to be notified immediately when suspicious activity occurs.
6) Restrict sensitive transactions on mobile: Whenever possible, avoid performing high-risk transactions (such as sending large amounts of money) on your mobile device, especially if you: Connected to public or unsecured Wi-Fi. Use a secure computer or contact your bank directly from a verified number.
The hidden cost of free apps: personal information
Cart important points
Hackers are constantly refining their tactics and finding clever ways to hack your devices and scam you out of your hard-earned money. I really think that Android smartphone manufacturers and Google need to step up their security efforts to ensure that users don’t get hacked as often. I don’t think the same level of malware would affect the iPhone.
How comfortable are you using your mobile phone for financial transactions? And what makes you feel more secure? Email us. Cyberguy.com/Contact.
CLICK HERE TO GET THE FOX NEWS APP
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask your cart a question or let us know your story you’d like us to feature.
Follow Kurt’s social channels:
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.
