Imagine turning over your debit card and calling your bank’s customer service number to ask a question. But thanks to dangerous new malware called FakeCall, when the person answers, you are speaking to a scammer who can see your screen, track your location, and record everything you say.
FakeCall Controls Phones, Intercepts Calls
According to Dark Reading, vishing scams that target Android phone users are getting extremely realistic thanks to new malware.
The malware hijacks a victim’s phone call to a bank and redirects it to scammers. This deceptive malware can make people believe they’re speaking with their bank’s customer service when talking to cybercriminals.
How The Scam Works
The attack starts when a victim downloads an app that contains the FakeCall malware embedded in it. Once that software is installed, the app requests permissions (like any app), but when the person clicks to accept the permissions, the malware is given control over all phone calls.
When the infected user tries to call their bank, the malware secretly changes the dialed number to connect with the scammers instead.
The scammers answer the phone and impersonate the bank. They then lure the victim into giving them their social security numbers, login credentials, one-time passcodes, and anything else they want.
It’s A Dangerous New Malware For Many Reasons
FakeCall is just the right software for scammers at just the wrong time. As scams soar, this is another deepfake that takes bank impersonation scams to a new level.
The software is like a hidden stalker right on the victim’s phone.
The Phone Pad Looks Real
It creates an interface that looks exactly like the Android phone’s existing dialer, so users don’t suspect anything.
It Turns On The Microphone
It can turn on the phone microphone to record a victim’s conversations. The scammer can then access those conversations and know exactly what the victim said while the victim was not on the phone.
It Monitors Your Phone Screen
The malware has access to almost everything on your phone. It monitors the phone screen and Bluetooth activity so it can tell what you are doing and changing on the phone.
Your Every Move is Tracked
FakeCall malware is a perfect stalker because it can track your location wherever you are. The scammers know your every move.
However, unlike other phone scams, this one can stay on a victim’s phone for years until it is deleted.
How To Protect Yourself
How can a person avoid becoming a victim of this scam? Kaspersky recommends several things and provides an article on the matter.
-Download apps only from official stores and do not allow installations from unknown sources. Official stores run checks on all programs, and even if malware still sneaks in, it usually gets promptly removed.
-Pay attention to what permissions apps require and whether they need them. Don’t be afraid to deny permissions, especially potentially dangerous ones like access to calls, text messages, accessibility, etc.
-Never give confidential information over the phone. Real bank employees will never ask for your online banking login credentials, PIN, card security code or confirmation codes from text messages. If in doubt, go to the bank’s official website and find out what employees can and cannot ask about.
-Install a robust solution that protects all your devices from banking Trojans and other malware.
If you have become a victim of this malware, shoot me a message, I would like to hear from you.