New Android malware that goes after your banking info

There's a new strain of malware you should be aware of that specifically targets Android users. Dubbed simply "Fakecalls," it is a banking trojan that boasts a powerful new ability we haven't seen before in the malware world: it can fake a call from your bank.

On its face, it looks like most of the other mobile banking apps that Android users install. The graphics are well done, and it's a convincing copy of the banking software that it seeks to emulate. It displays a very accurate corporate logo and also includes a customer support number for the bank.

Here's where it gets interesting. The number shown is the actual customer support number of the bank, but when the user attempts to call that number, the malware breaks the connection and displays a dummy call screen that is virtually identical to the real one.

The malware redirects your call to a hacker

The victim still sees the bank's genuine customer support number on the screen, so by all outward appearances, nothing has changed. However, the connection that ultimately gets made isn't to a bank employee but to one of the hackers controlling the malicious code.

Naturally, the "representative" will ask for several sensitive pieces of information to "verify the identity" of the victim who's calling in. Then, every bit of the information gathered will be used against the victim later.

If there's a silver lining to be found here, it lies in the fact that, so far, this app is only offered in Korean. Outside of South Korea you don't see it very often. If you do business in that part of the world, you may have some exposure to it.

My perspective

According to Kaspersky Lab, the malware can only be found on third-party sites, so it hasn't penetrated the Google Play Store. If you steer clear of those third-party sites for downloading apps, even if you do business in South Korea, your exposure should be quite limited.

There is a solid way to steer clear of this malware, but there is no fixing stupid.

By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.