Fakecalls: discovered bankware with attached “customer service” interpreted by hackers

A well-known security house warned users about the modus operando of a bankware, Fakecalls, which, in addition to acting as spyware. it also simulates the customer service of banks, of which it affects users in order to extract their personal data and financial credentials
Fakecalls: bankware with annex discovered

Bankware are among the viruses most used by hackers, as they allow them to put together easy profits in an era in which, by virtue of home banking, everyone manages their personal finances on their devices. Precisely in this category of malware, Kaspersky experts have found a virus in action, Fakecalls, which, in circulation since last year, definitely stands out from the category average.

According to security researchers, Fakecalls is hitting, for now, several Korean banks, although it can be adapted at any time with other languages ​​to hit other markets, hiding in apps that perfectly reproduce the official ones of well-known Korean banks, such as Kookmin Bank. , not only with the presence of the logo, but also with the official customer service number highlighted. Calling this number, with the devices now infected, Facecalls comes into action which discreetly closes the outgoing call and opens its own call screen, which puts the unsuspecting user in contact with those he believes to be of the bank’s customer service.

In this case, after a short pre-recorded message similar to that of the call-centers, which invites you to wait for the large volume of calls received, assuming that the call could be recorded, the hacker takes action, which circumvents the user. to steal personal information as well as bank credentials. Given the ability of Fakecalls to support incoming calls, it is not uncommon for the hackers to call themselves, with the smartphone that will end up displaying the bank’s real customer service number as the sender.

Analyzing the malware code, it turned out that Fakecalls also behaves like a classic spyware. Specifically, it requests and obtains permission to access the geolocation info, the call and message log, the contacts directory, a camera and microphone and, from that moment on, it carries out environmental wiretapping and, among other things, it can also erase the traces of the actual contact attempts by your bank.

To protect yourself from this threat, in addition to having an antivirus solution installed locally, it is good to download the apps only from the official stores, evaluate the required permissions and, if excessive, learn to say no: moreover, it is good to keep in mind that real employees of a banking institution would never ask for data such as the card security code, PIN, home banking logins, or confirmation codes – in terms of two-factor authentication – contained in text messages by phone.

Leave a Reply

Your email address will not be published. Required fields are marked *