total-news-1024x279-1__1_-removebg-preview.png

SELECT LANGUAGE BELOW

Updated Android malware can hijack calls you make to your bank

Remember those TV shows where the villains are defeated one season, only to come back stronger the next? Think Netflix's Stranger Things. That's exactly what the malware we're talking about here is. It's called FakeCalls, and it evolves with new hidden methods as researchers figure out how it infects devices.

Earlier this year, the malware was reported to be impersonating major financial institutions, but now security researchers have discovered that the malware has been further upgraded. Calls made to banks using Android smartphones can also be hijacked.

Enter Cyberguy's $500 Holiday Gift Card Sweepstakes

Man surfing with Android smartphone (Kurt “Cyber ​​Guy” Knutson)

What you need to know

FakeCalls is a banking Trojan that focuses on voice phishing, where victims are tricked into sharing sensitive information with a fraudulent phone call impersonating their bank. Previous versions accomplished this by prompting users to call their bank from within an app masquerading as a financial institution. peepee computer. However, in the latest version, Zimperiumsets itself as the default call handler.

The default call handler app manages incoming and outgoing calls and allows users to answer, decline, and initiate calls. As you can imagine, granting these permissions to malicious apps comes with significant risks.

When a user gives the app permission to set itself as the default call handler, the malware gains permission to intercept and intercept both outgoing and incoming calls. It also displays a fake calling interface that looks just like the real Android dialer, complete with reliable contact information and names. This level of deception makes it extremely difficult for victims to understand what is going on.

“When an infected individual attempts to contact a financial institution, the malware redirects the call to a fraudulent number controlled by the attacker,” Zimperium's new report explains. “The malicious app tricks users into displaying a fake UI that looks like a legitimate Android calling interface that displays a real bank phone number.”

“The malware's fake UI mimics the real banking experience, so the victim is unaware of the operation, which could allow the attacker to extract sensitive information or gain unauthorized access to the victim's financial accounts. “There are,” the report added.

Updated Android malware could hijack calls to your bank

Android home screen (Kurt “Cyber ​​Guy” Knutson)

Android banking Trojan evolves to evade detection and attack globally

Malware can also steal data

This malware can not only hijack calls but also steal data. You have access to Android's accessibility permissions, which basically gives you the freedom to do whatever you want. The developers of this malware have also added some new commands such as starting live streaming of the device screen, taking screenshots, unlocking the device if it is locked, and temporarily turning off auto-lock. You can also use accessibility features to mimic pressing the home button, delete images specified by the command server, access photos and thumbnails from your storage, especially the DCIM folder, compress and upload them. You can also.

Updated Android malware could hijack calls to your bank

android mobile phone (Kurt “Cyber ​​Guy” Knutson)

Android banking Trojan impersonates Google Play to steal data

6 ways to protect yourself from FakeCalls malware

1) Use strong antivirus software: Android has its own built-in malware protection called Play Protect, but the FakeCalls malware proves that it's not enough. Historically, Play Protect has not been 100% sure to remove all known malware from Android smartphones. Also, do not click on any suspicious links in messages or emails. The best way to protect yourself from clicking on malicious links that install malware that can access your personal information is to install antivirus protection on all your devices. This also results in a warning like this: phishing email or Ransomware scam.

Get my picks for the best antivirus protection products of 2024 for Windows, Mac, Android, and iOS devices.

2) Download apps from trusted sources. It's important to only download apps from trusted sources, such as the Google Play Store. FakeCalls malware infects your phone when you download an app from an unknown link. Android users should only download apps from the Play Store, which undergoes strict checks to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores as this increases the risk to your personal data and device. Also, never trust download links received via SMS.

3) Be careful with app permissions. Always check the permissions requested by the app before installing. If an app requests access to features that you believe are unnecessary for its functionality, it may be a sign of malicious intent. Don't give apps accessibility permissions unless you really need them. Avoid granting permissions that could compromise personal data.

4) Update your device's operating system and apps regularly. Store the software to date This is very important because updates often include security patches for newly discovered vulnerabilities that can be exploited by malware such as FakeCalls.

5) Regularly monitor financial activities. Check your bank and credit card statements frequently for fraudulent transactions. Set up account activity alerts to be notified immediately when suspicious activity occurs.

6) Restrict sensitive transactions on mobile: Whenever possible, avoid performing high-risk transactions (such as sending large amounts of money) on your mobile device, especially if you: Connected to public or unsecured Wi-Fi. Use a secure computer or contact your bank directly from a verified number.

The hidden cost of free apps: personal information

Cart important points

Hackers are constantly refining their tactics and finding clever ways to hack your devices and scam you out of your hard-earned money. I really think that Android smartphone manufacturers and Google need to step up their security efforts to ensure that users don't get hacked as often. I don't think the same level of malware would affect the iPhone.

How comfortable are you using your mobile phone for financial transactions? And what makes you feel more secure? Email us. Cyberguy.com/Contact.

CLICK HERE TO GET THE FOX NEWS APP

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.

Ask your cart a question or let us know your story you'd like us to feature.

Follow Kurt's social channels:

Answers to CyberGuy frequently asked questions:

New from cart:

Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.

Facebook
Twitter
LinkedIn
Reddit
Telegram
WhatsApp