Zimperium has discovered a sophisticated new variant of FakeCall malware, which exploits phone calls to trick users and compromise the security of their sensitive data. Zimperium’s zLabs research team identified 13 apps and several malicious files associated with the new FakeCall campaign.
The FakeCall malware, first detected by teams at ThreatFabric and Kaspersky, uses a technique known as vishing (voice phishing), a form of phishing that targets mobile devices, in which phone calls or fraudulent voicemail messages are used to trick victims into disclosing sensitive information (login credentials, credit card numbers, bank details, etc.).
FakeCall stands out for its ability to take near-total control of the mobile device, including intercepting incoming and outgoing calls. Victims are tricked into calling fraudulent phone numbers, leading them to believe they are communicating with trusted parties, such as financial institutions.
FakeCall: a formidable attack
Attacks often start with the download of a malicious application via a malicious link. Once installed on the device, the application hijacks incoming and outgoing calls and redirects them to numbers controlled by the attackers. At the same time, its user interface closely mimics legitimate phone and banking applications, making the fraud almost undetectable.
Through communication with a command-and-control (C2) server, the attackers can remotely take control of the user's communications: modify the number being called and intercept incoming calls. In particular, they can redirect calls to fake bank customer services in order to obtain sensitive information.
A new, even more sophisticated and dangerous campaign
zLabs teams discovered that the new version of FakeCall incorporates even more advanced capabilities, such as leveraging Android accessibility services to take full control of the user interface, allowing attackers to simulate user interactions without the user's knowledge. Additionally, the new malware variants have a more complex architecture, with features embedded in native code, which makes them harder to detect.
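The combination described above (call-handling permissions plus a declared accessibility service) is something a defender can look for when triaging an APK's manifest. The following is an added example written for this article, not Zimperium's tooling or any FakeCall code: it parses a decoded AndroidManifest.xml and flags an app that both requests call-related permissions and binds an accessibility service. The permission names are real Android ones; the sample manifest and package name are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permissions that let an app observe or alter phone calls.
CALL_PERMS = {
    "android.permission.CALL_PHONE",
    "android.permission.ANSWER_PHONE_CALLS",
    "android.permission.READ_CALL_LOG",
    "android.permission.PROCESS_OUTGOING_CALLS",
    "android.permission.READ_PHONE_STATE",
}
# A <service> guarded by this permission is an accessibility service.
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml: str) -> dict:
    """Summarise call-related permissions and accessibility-service use from a
    decoded manifest; 'review' is True when both are present together."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    has_accessibility = any(
        svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_PERM
        for svc in root.iter("service")
    )
    call_perms = sorted(requested & CALL_PERMS)
    return {
        "package": root.get("package"),
        "call_permissions": call_perms,
        "accessibility_service": has_accessibility,
        "review": has_accessibility and len(call_perms) > 0,
    }

# Constructed sample manifest for the example (not taken from any real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.dialer">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.ANSWER_PHONE_CALLS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".OverlayService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

This is a triage heuristic only: legitimate dialers and assistive apps can declare the same combination, so a hit means "inspect further", not "malicious".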