FakeCall Malware

New variants of the FakeCall malware have been discovered that impersonate incoming calls from bank employees and reroute legitimate outgoing calls to bank customer support:

The malware, available on websites masquerading as Google Play, could also simulate incoming calls from bank employees. The intention of the novel feature was to provide reassurances to victims that nothing was amiss and to more effectively trick them into divulging account credentials by having the social-engineering come from a live human.

The interception was possible when victims followed instructions during installation to grant permission for the app to become the default call handler on the Android device. From then on, FakeCall could detect calls to a bank’s legitimate customer-support number and reroute them to an attacker-controlled number. To better hide the sleight-of-hand, the Trojan can display its own screen over the system’s.

Source: https://arstechnica.com/information-technology/2024/10/android-trojan-that-intercepts-voice-calls-to-banks-just-got-more-stealthy/

Fraudsters continue to adapt and develop new impressive tools.

Mitigating controls:
1) Only install trusted apps on your phone
2) Pay attention to permissions requested by apps
3) Uninstall old unused apps
4) Use phishing-resistant MFA factors (e.g. Authenticator app instead of SMS)
5) Set up alerts on your bank’s app (e.g. new bill payment vendor added, new e-transfer recipient added, transaction >$X)
6) Use an iPhone
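
For control 2, the permission that matters here is the default call handler role described above. The following check is an added example, not from the source article: it compares the device's default dialer with the system dialer and looks up where a non-system dialer was installed from. It assumes adb with USB debugging, the `telecom get-default-dialer`, `telecom get-system-dialer` and `pm list packages -i` shell commands, and that only Google Play counts as a trusted installer; the package names in the sample are constructed.

```python
import subprocess

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def adb_shell(*args):
    """Run a command on the USB-attached device and return its trimmed output."""
    done = subprocess.run(["adb", "shell", *args], capture_output=True, text=True, check=True)
    return done.stdout.strip()

def parse_installers(listing):
    """Map package -> installer from `pm list packages -i` output."""
    installers = {}
    for line in listing.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        source = next((f.split("=", 1)[1] for f in fields[1:] if f.startswith("installer=")), "null")
        installers[fields[0][len("package:"):]] = None if source == "null" else source
    return installers

def audit_default_dialer(default_dialer, system_dialer, installers):
    """Classify the app holding the call-handler role: ok / review / suspicious."""
    if default_dialer == system_dialer:
        return ("ok", default_dialer, "system dialer handles calls")
    source = installers.get(default_dialer)
    if source in TRUSTED_INSTALLERS:
        return ("review", default_dialer, f"third-party dialer installed via {source}")
    return ("suspicious", default_dialer, f"call handler installed from {source or 'unknown source'}")

def audit_device():
    """Collect the three inputs from a real device (requires adb and USB debugging)."""
    return audit_default_dialer(adb_shell("telecom", "get-default-dialer"),
                                adb_shell("telecom", "get-system-dialer"),
                                parse_installers(adb_shell("pm", "list", "packages", "-i")))

# Constructed sample: a sideloaded app that took over the default dialer role.
SAMPLE_LISTING = """\
package:com.google.android.dialer  installer=com.android.vending
package:com.example.fakebank.helper  installer=null
package:org.example.opendialer  installer=com.android.vending
"""

if __name__ == "__main__":
    print(audit_default_dialer("com.example.fakebank.helper", "com.google.android.dialer",
                               parse_installers(SAMPLE_LISTING)))
```

A "suspicious" result means the app that answers and places calls did not come from a trusted store; reset the default phone app in system settings and uninstall the package.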