Calls to Banks Customer Support Intercepted by Fakecalls Mobile Banking Trojan

Fakecalls, an Android banking malware, has a powerful feature that allows it to hijack calls to a bank’s customer service number and connect the target directly with the malware’s operators.

More on Fakecalls

According to cybersecurity experts at Kaspersky, the Fakecalls malware first appeared last year and has been observed attacking users in South Korea, specifically clients of widely known banks such as KakaoBank and Kookmin Bank (KB).

Despite the fact that it has been operative for some time, the banking trojan has received little attention, most likely due to its limited target geography, notwithstanding its fake call function, which represents a new step in the evolution of mobile banking threats.

Fakecalls M.O.

Fakecalls poses as a well-known financial institution’s mobile app and shows all the trademarks of the entity it impersonates, including the official logo and the customer support phone number. When the victim attempts to contact the bank, the trojan interrupts the connection and displays its own call screen, which is nearly identical to the authentic one.

Source

While the target sees the bank’s actual phone number on the screen, the call is, in fact, with the threat actors who can impersonate the bank’s customer service agents

Read More: https://heimdalsecurity.com/blog/calls-to-banks-customer-support-intercepted-by-fakecalls-mobile-banking-trojan/