An android voice phishing malware campaign called FakeCalls is impersonating over 20 famous financial apps to extort victims. Kaspersky’s first documentation of the malware in 2022 gave an insight into its ability to impersonate banks’ customer support agents.
In a report by Check Point, “FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim’s device.”
Attack analysis revealed that after installing the fake banking app, victims get enticed with low-interest loan offers prompting them to call the financial institution. The malware masks the phone number with an actual banking institution’s number to evade detection.
Victims are requested to provide information, including credit card details, for financial checks and to facilitate loan processing. As part of the loan application process, users must authorize the app to access some information on the device, which allows the threat actors to access sensitive data without the victim’s knowledge.
Further details from Check Point revealed the malware developers used unique and effective anti-analysis techniques and perfectly hid the command-and-control servers behind the operations.
The rise of the malware prompted Cyble to expose Nexus and GoatRAT malware with the ability to extract sensitive data and perform financial fraud.
According to Kaspersky, over 196,476 new mobile banking trojans and 10,543 new mobile ransomware trojans were detected in 2022, with China, Syria, Iran, Yemen, and Iraq emerging as the most attacked countries.
A Kaspersky researcher Tatyana Shishkova explained that the continuous growth of mobile banking Trojans despite the massive reduction in malware installers indicates that cybercriminals focus on financial gain. Although South Korea is the current target, the risk of a fast spread worldwide is higher than ever.
