FakeCall is a sophisticated malware family that targets mobile devices, particularly Android. It hijacks the call functions on these devices and can intercept and manipulate both outgoing and incoming calls. Commands are issued through a command-and-control (C2) server and executed covertly on the infected device. The malware is known for its advanced use of vishing (voice phishing), exploiting mobile-specific features such as voice and SMS capabilities. Malwarebytes for Android identifies it as Android/Trojan.Banker.Fakecall, indicating its primary function as a banking Trojan.
The FakeCall malware is notably versatile and deceptive. It tricks users by mimicking the Android dialer and showing trusted contact information, thereby creating an illusion of authenticity. Its primary exploitation tactic involves hijacking calls made to financial institutions and redirecting them to scammers. This is achieved through the Monitoring Dialer Activity service which monitors events from the com.skt.prod.dialer package, allowing it to detect when the user is attempting to make calls. In previous versions, FakeCall tricked users into calling scammers by displaying a fake bank screen with the real bank's number.
The distribution of FakeCall primarily occurs through fake banking apps that impersonate large financial institutions, as well as through phishing emails. Upon installation, the latest version of FakeCall sets itself as the default call handler, thereby gaining control over all outgoing calls. Furthermore, it has the capability to access live audio and video streams from the infected devices, posing significant privacy risks. The last reported surge of this malware was documented by BleepingComputer, highlighting its recurring threat to Android users.
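The traits described above (an app that can become the default call handler and also has access to audio and video) can be checked during app triage by reading a decoded AndroidManifest.xml. The following Python sketch is an added example, not code from the source report or any vendor; the package name and manifest are constructed, and a match is a prompt for review, not a FakeCall signature.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
MEDIA = {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"}

# Constructed sample: decoded manifest of a hypothetical app, not a real FakeCall sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankhelper">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <activity android:name=".DialerActivity">
      <intent-filter><action android:name="android.intent.action.DIAL"/></intent-filter>
    </activity>
    <service android:name=".CallService"
        android:permission="android.permission.BIND_INCALL_SERVICE">
      <intent-filter><action android:name="android.telecom.InCallService"/></intent-filter>
    </service>
  </application>
</manifest>"""


def _actions(component):
    """Intent-filter action names declared under one manifest component."""
    return {a.get(NS + "name") for a in component.iter("action")}


def triage_manifest(xml_text, trusted_dialers=frozenset()):
    """Flag apps that can become the default call handler and list media permissions."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    # Telecom binds the default dialer's InCallService to show and control calls.
    in_call = any(
        s.get(NS + "permission") == "android.permission.BIND_INCALL_SERVICE"
        and "android.telecom.InCallService" in _actions(s)
        for s in root.iter("service"))
    # Android also expects a default dialer to offer an activity handling ACTION_DIAL.
    dial_ui = any("android.intent.action.DIAL" in _actions(a) for a in root.iter("activity"))
    can_handle_calls = in_call and dial_ui
    return {
        "package": package,
        "can_handle_calls": can_handle_calls,
        "media_permissions": sorted(perms & MEDIA),
        # Review any call-capable app that is not an expected dialer for the fleet.
        "review": can_handle_calls and package not in trusted_dialers,
    }


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Pass the set of dialer packages expected on managed devices as `trusted_dialers` so that legitimate phone apps are not flagged.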
Description last updated: 2024-10-31T22:02:53.892Z