FakeCall (malware)

History

2024: Spread of virus intercepting user calls to bank

On November 1, 2024, it became known that cybersecurity experts revealed the active distribution in Russia of the new malicious FakeCall application, which intercepts user calls to banks and transfers them to scammers. The program disguises itself as a standard call application and simulates the interfaces of more than 20 financial institutions.

According to Hi-tech, after installation, the Trojan asks for the status of the main application for calls through the Android manager, getting the ability to control incoming and outgoing calls. When a user tries to contact the bank, the program redirects the call to the attackers' numbers.

𝓲

Kaspersky

Kaspersky Lab specialists first discovered FakeCall in April 2022. In March 2023, CheckPoint analysts recorded an updated version of the Trojan with improved concealment mechanisms from antivirus programs.

The new version of the malicious application has advanced functionality, including the ability to use the Android accessibility service to control the interface. This allows you to automatically obtain permissions and emulate user actions.

The program can also transfer images from the screen, take screenshots, access the camera and microphone of the device. Additional features include locating, deleting applications, recording video and audio, editing contacts.

Security experts recommend avoiding installing apps through APK files, as most malware is distributed outside the official Google Play store. Google Play Protect regularly detects and removes suspicious applications.

Experts also urge users not to transfer confidential data by phone in any suspicious calls and carefully check the permissions that the installed applications request.^[1]

Notes