News & Analysis

Fake Calls – New Android Malware at Work

Fake calls purportedly from banks have been a regular occurrence in India. An Android Trojan could potentially steal data has been identified now

India has witnessed fake calls and tele-marketing nuisance for several years now with the union government time and again issuing warnings about their potential for data thefts. However, a new Android malware has now been identified that could exponentially increase the risk of phishing attacks. 

CheckPoint Research recently reported that it had come across an Android Trojan called FakeCalls that could potentially masquerade as more than 20 financial applications and imitate phone conversations with bank employees. Dubbed a ‘Vishing’ (voice phishing) attack, these were located in South Korea at this point in time. 

Vishing attacks are performed over the phone, and are considered a type of a social engineering attack, as they use psychology to trick victims into handing over sensitive information or performing some action on the attacker’s behalf.

“FakeCalls” targets the South Korean market and possesses the functionality of a Swiss army knife being able not only to conduct its primary aim but also aims and succeeds to extract private data from the victim. The country had reported financial losses due to such attacks amounting to $600 million in 2020 with over 170,000 people falling victim over five years. 

Voice phishing attacks – How they work

The idea behind voice phishing is to trick the victim into thinking that there is a real bank employee on the other side of the call. As the victim thinks that the application in use is an internet-banking application (or payment system application) of a real financial institution, there is no reason to be suspicious of an offer to apply for a loan with a lower interest rate – which is fake, of course. At this step, the malware actors can lay the necessary groundwork to understand how to approach the victim in the best way possible.

At the point where conversation happens, the phone number belonging to the malware operators, unknown to the victim, is replaced by a real bank number. Therefore, the victim is under the impression that the conversation is made with a real bank and its real employee. Once the trust is established, the victim is tricked into “confirming” the credit card details in the hope of qualifying for the (fake) loan.

CheckPoint discovered that more than 2,500 samples of the FakeCalls malware differed in a combination of mimicked financial organizations and implemented evasion techniques. The malware developers paid special attention to the protection of their malware, implementing several unique evasion techniques that we had not seen in-the-wild before. 

Some easy ways to prevent Vishing attacks

Like other social engineering attacks, user awareness is essential for prevention and protection. Some important points to include in cybersecurity awareness training are:

  • Never Give Out Personal Data: Vishing attacks are commonly designed to trick the target into handing over personal information that can be used for fraud or in other attacks. Never provide a password, multi-factor authentication (MFA) number, financial data, or similar information over the phone.
  • Always Verify Phone Numbers: Vishers will call while pretending to be from a legitimate organization. Before giving any personal data or doing anything that the attacker says, get the caller’s name and call them back by using the official number from the company website. If the caller tries to talk you out of doing so, it’s probably a scam.
  • No-One Wants Gift Cards: Vishers will commonly demand payment for unpaid taxes or other fees in gift cards or prepaid Visa cards. No legitimate organizations will request a gift card or prepaid credit as payment.
  • Never Provide Remote Computer Access: Vishers may request remote access to your computer to “remove malware” or fix some other issue. Never provide access to your computer to anyone except verified members of the IT department.
  • Report Suspected Incidents: Vishers commonly will try to use the same scam on multiple different targets. Report any suspected vishing attack to IT or the authorities so that they can take action to protect others against it.


Leave a Response