The new version of the FakeCall Trojan for Android intercepts incoming and outgoing voice calls in sophisticated ways, streams the phone's screen to attackers, sends them screenshots, can unlock the device, and much more. The findings were reported by Zimperium, a company that specializes in mobile cybersecurity.
The FakeCall Trojan was first discovered by Kaspersky Lab back in 2022. Even then it carried out overlay attacks, showing its own window on top of legitimate applications, and resorted to other tricks to convince victims that they were talking on the phone with employees of their bank. At the end of last year, Check Point experts published a report on an updated version of the malware, which by that time was disguised as applications from twenty financial organizations. Now the Trojan's capabilities have expanded: it can intercept incoming and outgoing calls.
FakeCall is distributed through malicious applications that users download to their phones themselves. Its previous versions pushed victims into calling the attackers, while an overlay window on top of the phone application showed the number of the victim's own bank. The new version of the Trojan uses accessibility services to make itself the default phone call handler, obtaining the user's permission along the way, and no longer resorts to overlays. The operators of the malicious campaign can then intercept incoming and outgoing calls. In some cases, the FakeCall window imitates the interface of the standard Android phone application and shows the names of the victim's most frequent contacts; but if the victim tries to call a bank or other financial institution, the Trojan redirects the call to a phone number controlled by the attacker. The victim believes they are talking to a bank employee and may hand over confidential information that can later be used in fraudulent schemes.
The latest version of FakeCall has also gained other new functions: live streaming of what is happening on the screen, sending screenshots to attackers, unlocking the phone, and temporarily disabling auto-lock. This is an incomplete list of the Trojan's capabilities. It is assumed that the malware is still under active development and continues to gain new capabilities.
To protect yourself from FakeCall, it is recommended to follow standard digital security measures: avoid installing applications from APK files obtained from unverified sources; rely on large app stores and search for new titles directly in them, rather than following links from external sources. Experts advise turning on Google Play Protect, a tool that checks downloaded applications, and using reputable antivirus software alongside it. It is not recommended to give applications access to resources that they do not need for their direct operation. Finally, periodically rebooting your device will help protect against some zero-day attacks that occur without user interaction.
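The behaviour described above, an app that holds both the default call handler role and an accessibility service, can be checked for on a device. The following is an added example, not code from Zimperium or the original article; it assumes the output of `adb shell telecom get-default-dialer` and `adb shell settings get secure enabled_accessibility_services`, and the allowlists and sample package names are constructed.

```python
import subprocess

# Assumption: allowlists chosen by the device owner; adjust for your device vendor.
TRUSTED_DIALERS = {"com.google.android.dialer", "com.android.dialer"}
TRUSTED_A11Y = {"com.google.android.marvin.talkback"}

def parse_a11y(raw):
    """Packages named in `settings get secure enabled_accessibility_services`:
    colon-separated 'package/ServiceClass' entries, or 'null'/empty when none."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}

def audit(dialer_raw, a11y_raw):
    """Return (finding, package) tuples for one device's captured settings."""
    dialer = dialer_raw.strip()
    a11y = parse_a11y(a11y_raw)
    findings = []
    if dialer and dialer != "null" and dialer not in TRUSTED_DIALERS:
        findings.append(("untrusted-default-dialer", dialer))
        # The combination the article describes: call handler plus accessibility access.
        if dialer in a11y:
            findings.append(("dialer-holds-accessibility", dialer))
    for pkg in sorted(a11y - TRUSTED_A11Y):
        findings.append(("untrusted-accessibility-service", pkg))
    return findings

def adb_shell(*args):
    """Run one command on the attached device (requires adb and USB debugging)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

def audit_device():
    """Audit the device currently attached over adb."""
    return audit(adb_shell("telecom", "get-default-dialer"),
                 adb_shell("settings", "get", "secure", "enabled_accessibility_services"))

# Constructed sample output; com.example.bankupdate is a made-up package name.
SAMPLE_DIALER = "com.example.bankupdate\n"
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.bankupdate/.CallAssistService\n")

if __name__ == "__main__":
    for finding, pkg in audit(SAMPLE_DIALER, SAMPLE_A11Y):
        print(f"{finding}: {pkg}")
```

Any finding is a prompt to review the named package in the phone's default apps and accessibility settings, not proof of infection.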