Urgent Android warning over new bank raiding attack that takes almost complete control of phones and listens to calls
ANDROID phones are at the heart of a new malware attack that sees hackers take “almost complete control” of people’s devices.
The malicious software, called FakeCall, grants cyber crooks the ability to listen in on calls, and even record videos of Android users without them realising.
Once an Android device is infected with FakeCall, hackers can capture information that is displayed on the screen.
It essentially puts all your texts, contact list, location data, and installed apps, into the palms of fraudsters.
They can even use it to record audio snippets, as well as take pictures and video from both the rear and front-facing cameras.
Malicious actors can then upload that data – including pictures and videos they’ve snapped – to their own devices.
“FakeCall is an extremely sophisticated vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming and outgoing calls,” Zimperium researcher Fernando Ortega said in a report published last week.
“Victims are tricked into calling fraudulent phone numbers controlled by the attacker and mimicking the normal user experience on the device.”
Bank raid
The FakeCall malware, which first emerged in April 2022, has had a number of variations since its inception.
The most alarming risk is that FakeCall has been used to hijack phone calls you make to your bank.
Instead of reaching your bank, your call will be redirected to the cyber crooks.
“When the compromised individual attempts to contact their financial institution, the malware redirects the call to a fraudulent number controlled by the attacker,” Ortega added.
“The malicious app will deceive the user, displaying a convincing fake UI that appears to be the legitimate Android’s call interface showing the real bank’s phone number.
“The victim will be unaware of the manipulation, as the malware’s fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorised access to the victim’s financial accounts.”
Previous variants of the malware were found to prompt users to call the bank from within a fake version of their banking app.
Crooks would masquerade as a financial institution offering a loan with a lower interest rate, The Hacker News reported.
SIGNS YOUR ANDROID PHONE IS INFECTED
Here's Google's official list of signs that you might have malware on your Android phone...
You may have malware on your device if:
- Google signed you out of your Google Account to help protect you from malware on your device.
- You notice suspicious signs on your device, like pop-up ads that won’t go away.
Device symptoms
- Alerts about a virus or an infected device
- Anti-virus software you use no longer works or runs
- A significant decrease in your device’s operating speed
- A significant, unexpected decrease in storage space on your device
- Your device stops working properly or working altogether
Browser symptoms
- Alerts about a virus or an infected device
- Pop-up ads and new tabs that won’t go away
- Unwanted Chrome extensions or toolbars keep coming back
- Your browsing seems out of your control, and redirects to unfamiliar pages or ads
- Your Chrome homepage or search engine keeps changing without your permission
Other symptoms
- Your contacts have received emails or social media messages from you, but you didn’t send the emails or messages.