New FakeCall Malware Controls Devices Via Deceptive Call Techniques

Cybersecurity researchers have recently uncovered a new variant of the notorious Android malware family known as FakeCall. This malicious software employs advanced voice phishing techniques to deceive users into revealing sensitive personal information.

In their recent report the researchers explain how FakeCall employs a technique known as vishing (voice phishing), in which fraudulent phone calls or voice messages are used to deceive victims into disclosing sensitive information, such as login credentials, credit card numbers, or banking details.

Vishing is a form of “mishing,” a term that encompasses mobile-targeted phishing techniques, increasingly used by attackers to exploit the unique features of mobile devices, including voice calls, texting (SMS), and cameras. FakeCall is an extremely sophisticated type of vishing that leverages malware along with these fraudulent calls.

Additionally, the report explains that smishing refers to deceptive SMS messages that lure victims into clicking on malicious links or sharing sensitive data.

Quishing exploits mobile cameras to deliver phishing attacks through malicious QR codes. Email-based mobile phishing consists of phishing emails specifically designed to be effective only when accessed through a mobile email client, as noted on the report.

Fernando Ortega, one of the researchers who uncovered this, highlighted the seriousness of this threat in the report. He described FakeCall as “an extremely sophisticated vishing attack” that can take nearly complete control of a mobile device.

This includes intercepting both incoming and outgoing calls, effectively putting the attacker in charge of the user’s communication.

Victims are tricked into calling fraudulent numbers controlled by the attacker. The malware mimics a normal user experience, making it harder for individuals to recognize they are being deceived.

By using accessibility services, similar to other Android banking malware, FakeCall captures information displayed on the screen and requests additional permissions to operate effectively.

The spyware capabilities of FakeCall are alarming. It can collect a wide array of personal data, such as SMS messages, contact lists, locations, and the apps installed on the device. It even has the ability to take photos, record video streams using the device’s cameras, and manage contacts by adding or deleting them.

Additionally, FakeCall can capture audio snippets and upload images, using the MediaProjection API to create a video stream of the device’s activities.

One of the most dangerous features of this new version is its instruction for users to set the malware as the default dialer app. This change allows FakeCall to monitor all incoming and outgoing calls.

By intercepting these calls, the malware can modify dialed numbers, such as those for banking institutions, redirecting victims to numbers controlled by the attacker. This tactic lures users into taking unintended actions, leading to potential financial loss or identity theft.

Previous iterations of FakeCall prompted users to call their banks from within the malicious app, disguising itself as a financial institution offering enticing loan options. However, this latest version’s capability to modify call information makes it significantly more dangerous, as noted by The Hacker News.

The emergence of FakeCall serves as a warning for mobile users to remain vigilant. With the rise of such sophisticated attacks, individuals must be cautious about unsolicited calls and messages and should verify the identity of anyone requesting personal information.

Cybersecurity experts recommend installing reliable security software on devices and keeping operating systems updated to protect against evolving threats.