A terrifying new bug has been discovered that could make Android users think twice before making any calls. The threat, which is currently targeting users across Korea, deploys a nasty Trojan virus called Fakecalls to intercept the line when people call the bank.
Fakecalls is able to mimic the official apps of a number of popular banks, so users mistakenly tap on the fraudulent software whenever they need to check their account balance, or call customer service from their bank. Worse still, once Fakecalls is installed, it has the capability to hijack your phone calls made to the bank. When it detects that you’re ringing a number associated with a bank, the Trojan will discreetly break the connection and open its own fake call instead.
This means users may never know that they are actually speaking to a cybercrook, rather than an employee at their chosen financial institution.
Once connected, the scammers then try to steal money by extracting personal data such as account numbers and passwords.
The security at Kaspersky, who have been tracking Fakecalls, say the problems don’t just stop there either as this bug is capable of taking control of devices, with hackers then able to determine the location of their victims and even copy their contacts list or files (including photos and videos).
vCard.red is a free platform for creating a mobile-friendly digital business cards. You can easily create a vCard and generate a QR code for it, allowing others to scan and save your contact details instantly.
The platform allows you to display contact information, social media links, services, and products all in one shareable link. Optional features include appointment scheduling, WhatsApp-based storefronts, media galleries, and custom design options.
Another scary feature of this attack is the ability to drop incoming calls and delete them from the history. This allows the scammers, among other things, to block and hide real calls from banks.
Although Fakecalls is currently only targeting a small number of users it’s still worth being alert before downloading anything onto your phone as there’s nothing to suggest that Fakecalls won’t begin to spread to other parts of the globe.
Kaspersky has published some advice on how to stay safe…
• Download apps only from official stores and do not allow installations from unknown sources. Official stores run checks on all programs, and even if malware still sneaks in, it usually gets promptly removed.
• Pay attention to what permissions apps ask for and whether they really need them. Don’t be afraid to deny permissions, especially potentially dangerous ones like access to calls, text messages, accessibility and so on.
•Never give confidential information over the phone. Real bank employees will never ask for your online banking login credentials, PIN, card security code or confirmation codes from text messages. If in doubt, go to the bank’s official website and find out what employees can and cannot ask about.