The ‘Fakecalls’ banking malware has been seen spreading among Android users in South Korea after security researchers spotted a phishing campaign run by its threat actors. According to the reports, the campaign starts with a fake Google Play Store website where victims are tricked into downloading the banking malware.
Over a thousand Fakecalls malware samples have been found within the past months, hidden behind malicious Android applications. One of the impersonated apps was ‘Pol-AntiSpy version 3.0,’ which the South Korean National Police Agency (NPA) had developed to protect users against cyber spies.
The analysis of this campaign explained that the threat actors used the same app logo and a hyperlink to the app’s official website to make it seem like a legitimate app that users could safely install on their Android devices.
According to the malicious app’s description, it can scan for spyware on a user’s Android device and help users remove it. However, once installed, the malicious app launches the Fakecalls Android malware, which exposes users to dangerous capabilities instead of protecting them.
Previous Fakecalls malware campaigns include cases of victims being tricked into calling a phone number, eventually leading to the theft of sensitive data from Android devices.
In one instance, a victim was lured into calling a phone number that was answered by a bogus bank customer care executive. If the entire operation is successful, the victims are robbed of sensitive data from their Android devices, such as their call logs, text messages, contact lists, device location, and network operator, among others.
With access to the victims’ SMS messages, the hackers can steal two-factor codes that they could use for further cyberattack operations. The hackers could also record call sessions on the infected device and manipulate call logs to cover their tracks.
Users have always been warned to avoid suspicious websites that impersonate authentic ones and force them to download and install files onto their computers. In most cases, these incidents lead to hacking and malware infection, resulting in critical data or monetary loss.
Thus, users should rely only on official application or software stores to download files to their devices. It is also vital to review the permissions an app requests before installing it.
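One way to carry out the permission review described above, as an added example that is not part of the original report: a Python script that reads a decoded (text) AndroidManifest.xml and flags an app that requests permissions covering several of the data types listed earlier. The sample manifests, the mapping from data types to Android permissions, and the threshold of three are assumptions made for illustration, not details from the Fakecalls analysis.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not from the report): data types named in the article
# -> the standard Android permissions that gate access to them.
CAPABILITY_PERMISSIONS = {
    "call logs": {P + "READ_CALL_LOG", P + "WRITE_CALL_LOG"},
    "text messages": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "contact lists": {P + "READ_CONTACTS"},
    "device location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "call recording": {P + "RECORD_AUDIO"},
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name", "") for t in tags for el in root.iter(t)}

def review(manifest_xml, threshold=3):
    """Group requested permissions by data type; flag broad collection."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & needed)
            for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed}
    return {"capabilities": hits, "flag": len(hits) >= threshold}

def manifest(*names):
    """Build a constructed sample manifest requesting the given permissions."""
    rows = "".join('<uses-permission android:name="%s%s"/>' % (P, n) for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample">%s</manifest>' % rows)

# Constructed samples: a self-described "spyware scanner" and a simple network app.
SCANNER = manifest("INTERNET", "READ_SMS", "READ_CALL_LOG", "WRITE_CALL_LOG",
                   "READ_CONTACTS", "RECORD_AUDIO", "ACCESS_FINE_LOCATION")
PLAIN = manifest("INTERNET", "ACCESS_NETWORK_STATE")

if __name__ == "__main__":
    for label, xml in (("scanner", SCANNER), ("plain", PLAIN)):
        result = review(xml)
        print(label, "FLAG" if result["flag"] else "ok")
        for cap, perms in result["capabilities"].items():
            print("  %-16s %s" % (cap, ", ".join(perms)))
```

A flag is a prompt for closer review rather than a verdict, since some legitimate apps also request several of these permissions.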