A dangerous new malware known as ‘FakeCall’ has emerged as a significant threat to Android users, raising alarms among cybersecurity experts. This sophisticated malware has the ability to monitor bank-related calls, redirecting them to scammers who pose as bank representatives. Once connected, these fraudsters can extract sensitive information, leading to potential theft of funds from victims’ accounts.

Kaspersky first identified this updated version of FakeCall in 2022, and its capabilities have only grown more concerning. The malware can now remotely control smartphones, making it even more formidable.

According to a recent report by cybersecurity firm Zimperium, the latest iteration employs ‘Vishing’ technology. Vishing, or voice phishing, tricks individuals into revealing personal information – such as credit card numbers and banking details – via deceptive phone calls or voice messages.

How FakeCall Infects Devices

The malware typically infiltrates devices when users download suspicious APK files or apps from unverified sources. Once installed, FakeCall requests permission to set itself as the default dialer app. If granted, it gains extensive control over the device through accessibility services, enabling it to monitor all incoming and outgoing calls.

Redirecting Calls to Criminals

When users attempt to call their bank, FakeCall redirects the call to cybercriminals. These criminals then request sensitive information, such as one-time passwords (OTPs) and account passwords, facilitating unauthorised access to victims’ bank accounts. The malware is alarmingly versatile, capable of recording screens, taking screenshots, unlocking devices, and even disabling auto-lock features.

Detection Challenges and Safety Precautions

Detecting FakeCall is particularly challenging, as it mimics the authentic Android call interface. Reports indicate that the malware is spreading through counterfeit websites that masquerade as the Google Play Store. Zimperium identified at least 13 apps linked to the malware, although specific names have not been disclosed.

To protect against this threat, experts advise users to avoid downloading apps from unverified sources outside the Google Play Store. Additionally, regular phone reboots and routine scans with antivirus software are recommended as preventative measures.