
You Called Your Bank… But A Hacker Answers Instead

And you thought you got lucky by avoiding the robotic prompts…

Picture this: you’ve just discovered suspicious charges on your account. You call your bank in a panic hoping to sort things out, but little do you know – the “bank representative” on the other end of the line is a hacker. It sounds like something straight out of a thriller (I’m vaguely reminded of Mr. Robot for some reason), but this scenario is exactly what victims of the recent Android banking trojan, FakeCall, are facing.

This new version of FakeCall has hit the scene with new tricks up its sleeve. Originally flagged by Kaspersky way back in 2022, FakeCall uses voice phishing (vishing), fake overlays, and other sneaky tactics to convince users they’re chatting with someone from their bank. Late last year, cybersecurity firm Check Point reported that FakeCall could impersonate over 20 financial institutions. But since then, it’s evolved and can now intercept incoming and outgoing calls on Android devices, including some of the most secure ones on the market.

So, here’s what you need to know about this powerful banking trojan and, more importantly, how you can stay one step ahead of it.


How FakeCall Targets Users and What’s Changed

Like most banking trojans, FakeCall spreads through malicious apps sideloaded onto a victim’s phone. These sneaky apps don’t come from official stores, and once downloaded, they prompt users to make a “secure” call to their bank. In the past, the malware used fake overlays showing the bank’s real number to keep users in the dark.

The latest version of FakeCall, however, has upped its game. Analyzed by Zimperium, it no longer uses overlays but rather sets itself as your phone’s default call handler. It does this by tricking you into giving it access to your device’s accessibility services during installation.

With control over your phone’s call handler, FakeCall can intercept both incoming and outgoing calls. When you call your bank, the malware reroutes the call to a hacker’s number. The interface? A convincing fake dialer that looks like Android’s real deal, displaying contact names and details to lull users into a false sense of security. The result: people think they’re speaking with a real bank representative, only to unknowingly hand over sensitive information to a hacker who’s recording everything for future scams or fraud.

But that’s not all – this version of FakeCall packs additional features like screen recording, taking screenshots, unlocking the device, and even disabling auto-lock. These updates make it crystal clear that FakeCall is actively evolving to become even more dangerous.
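The two privileges described above (default call handler and accessibility access) can be audited from a workstation. The following is an added example, not code from Zimperium or from the original post: it flags any third-party app that holds either privilege and was not installed by an official store. It assumes USB debugging with `adb`, that `telecom get-default-dialer` prints a bare package name, and uses the hypothetical package `com.example.securecall` in constructed sample data.

```python
import subprocess

# Assumption: installers treated as official stores (Google Play, Samsung Galaxy Store).
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` (third-party apps only)."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        src = next((f[len("installer="):] for f in fields[1:] if f.startswith("installer=")), "null")
        installers[fields[0][len("package:"):]] = src
    return installers

def audit(default_dialer, a11y_setting, pm_output):
    """Return (privilege, package, installer) for each sideloaded app holding either privilege."""
    installers = parse_installers(pm_output)
    setting = a11y_setting.strip()
    holders = [("default-dialer", default_dialer.strip())]
    if setting not in ("", "null"):  # the setting reads "null" when nothing is enabled
        holders += [("accessibility-service", c.split("/", 1)[0]) for c in setting.split(":")]
    findings = []
    for privilege, pkg in holders:
        src = installers.get(pkg)  # None: preinstalled/system package, not third-party
        if src is not None and src not in TRUSTED_INSTALLERS:
            findings.append((privilege, pkg, src))
    return findings

# Constructed sample output (hypothetical package com.example.securecall), not from a real device.
SAMPLE_DIALER = "com.example.securecall\n"
SAMPLE_A11Y = ("com.example.securecall/.AssistService:"
               "com.google.android.marvin.talkback/.TalkBackService\n")
SAMPLE_PM = ("package:com.example.securecall  installer=null\n"
             "package:com.example.notes  installer=com.android.vending\n")

def adb_shell(*args):
    """Run a command on the attached device; requires adb and USB debugging."""
    out = subprocess.run(["adb", "shell", *args], capture_output=True, text=True, check=True)
    return out.stdout

if __name__ == "__main__":
    live = audit(adb_shell("telecom", "get-default-dialer"),
                 adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
                 adb_shell("pm", "list", "packages", "-3", "-i"))
    for privilege, pkg, src in live:
        print(f"REVIEW {privilege}: {pkg} (installer: {src})")
```

A hit is a lead for manual review rather than a verdict: a deliberately sideloaded dialer or accessibility tool will be listed too.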


The Spread: How FakeCall Infects Devices

Zimperium identified 13 malicious apps spreading FakeCall, but instead of releasing their names, they’ve shared indicators of compromise (IoCs) on GitHub. Because an app name is easy to switch, identifying malware by its behavior can be more efficient for security professionals.

FakeCall is far from the only Android malware to be concerned about, but the methods of avoiding infection are generally the same. The easiest way to dodge FakeCall (and other trojans) is by avoiding sideloading apps. Sure, sideloading can be convenient, but remember – these apps skip the strict security checks that official app stores like Google Play and Samsung Galaxy Store require.

When in doubt, don’t download apps as APKs from just anywhere. Instead, head to an official app store and search for the app yourself. Search engines can lead you astray with malicious ads, so play it safe and go directly to a legitimate app store. And while you’re at it, keep your app count low – even trusted apps can become risky if they’re compromised.


Staying Safe: How to Protect Yourself from Banking Trojans like FakeCall

Here’s a quick checklist to keep you safe:

  • Use Google Play Protect: This built-in security app scans both new and existing apps for malware.
  • Consider an antivirus app: Adding a reputable Android antivirus app can give you an extra layer of protection.
  • Limit app permissions: Only grant permissions that apps truly need – hackers can exploit excessive permissions.
  • Avoid sideloading apps: Stick to official app stores whenever possible.
  • Restart your device regularly: A fresh restart can shut down zero-click exploits and stop malware in its tracks.

Hackers are constantly finding ways to exploit apps for attacks, but by following these steps, you can reduce your chances of falling victim to malware like FakeCall. And with FakeCall evolving so quickly, it’s safe to say this won’t be the last we hear of it.

Stay safe out there, and remember – a little caution can go a long way in staying one step ahead of hackers.

Don’t click links from strangers,

Bryce