A terrifying new bug has been discovered that could make Android users think twice before making any calls. The threat, which is currently targeting users across Korea, deploys a nasty Trojan virus called Fakecalls to intercept the line when people call services such as their bank.
Fakecalls works by being able to mimic the official apps of a number of popular banking providers. Once installed, users are then being tricked into tapping on the fraudulent software whenever they need to check their account balance, or call customer service to make changes or pay bills. Worse still, once Fakecalls is installed it even has the capability to hijack real phone calls made to the bank. When the trojan detects that you’re ringing a number associated with the provider, the bug will discreetly break the connection and open its own fake call instead.
This means users may never know that they are actually speaking to a cybercrook, rather than an employee at their chosen financial institution.
Once connected, the scammers then try to steal money by extracting personal data such as account numbers and passwords.
The security at Kaspersky, who have been tracking Fakecalls, say the problems don’t just stop there either as this bug is capable of taking control of devices, with hackers then able to determine the location of their victims and even copy their contacts list or files (including photos and videos).
Another scary feature of this attack is the ability to drop incoming calls and delete them from the history. This allows the scammers, among other things, to block and hide real calls from banks.
Although Fakecalls is currently only targeting a small number of users it’s still worth being alert before downloading anything onto your phone as there’s nothing to suggest that Fakecalls won’t begin to spread to other parts of the globe.
Kaspersky has published some advice on how to stay safe…
• Download apps only from official stores and do not allow installations from unknown sources. Official stores run checks on all programs, and even if malware still sneaks in, it usually gets promptly removed.
• Pay attention to what permissions apps ask for and whether they really need them. Don’t be afraid to deny permissions, especially potentially dangerous ones like access to calls, text messages, accessibility and so on.
•Never give confidential information over the phone. Real bank employees will never ask for your online banking login credentials, PIN, card security code or confirmation codes from text messages. If in doubt, go to the bank’s official website and find out what employees can and cannot ask about.