Updated Voice Phishing Android Malware Redirects Your Calls to Hackers

Advisory ID: NCC-CSIRT-311024-012

Summary: 

Zimperium’s zLabs team has discovered a new variant of vishing (voice phishing) malware known as FakeCall. This evolved malware manipulates voice calls by impersonating trusted institutions, tricking users into revealing sensitive information like credit card numbers and banking credentials.

Damage/Probability: CRTICAL/HIGH

Platform(s): Android Operating Systems

Description: 

Researchers report that FakeCall malware infiltrates Android devices by hijacking call functions. The attack typically starts when a user downloads a seemingly harmless APK file (the Android application package format), which acts as a "dropper" to install the main malware. Once active, FakeCall can intercept and manipulate both outgoing and incoming calls, all under the control of a command-and-control (C2) server that covertly directs actions on the device. The malware even mimics a legitimate call interface, making it difficult for users to detect the deception. Moreover, attackers have been known to employ signing keys, allowing the malware to bypass security defenses more effectively.

Consequences: 

The malware exploits mobile-specific features like voice and SMS to gain unauthorized control over the compromised devices. Its advanced tools heighten risks of data theft, privacy breaches, and financial loss, highlighting the need for strong mobile security measures.

Solution: 

To mitigate this threat, you are advise to carry out the following:

• Avoid downloading APKs from unofficial sources.
• Use trusted app stores like the Google Play Store.
• Employ mobile threat detection tools to verify app legitimacy.
• Limit app permissions, especially for call and messaging functions.
• Install and regularly update robust mobile antivirus software.
• Keep Android devices and apps updated to the latest versions.
• Implement network security to monitor and block command-and-control (C2) traffic.
• Conduct regular device audits for suspicious activity.
• Use mobile threat defense solutions to detect and remove malware.
•  Enable multifactor authentication (MFA) for sensitive app access..

References:

• https://www.securityweek.com/fakecall-android-trojan-evolves-with-new-evasion-tactics-and-expanded-espionage-capabilities/

• https://thenimblenerd.com/article/beware-fakecall-malware-wreaks-havoc-with-advanced-mobile-phishing-tactics/

• https://bgr.com/tech/terrifying-android-malware-redirects-your-calls-to-hackers/

• https://www.bleepingcomputer.com/news/security/android-malware-fakecall-now-reroutes-bank-calls-to-attackers/

• https://www.darkreading.com/cyberattacks-data-breaches/vishing-mishing-fakecall-android-malware

• https://www.infosecurity-magazine.com/news/updated-fakecall-malware-targets/