Symantec has warned of a new variant of the Fakebank Android malware family that adds a “vishing” (voice phishing) angle: Once installed, the malware will intercept mobile calls a user attempts to make to a bank, redirecting them to a scammer impersonating an agent working for the bank.
The new version is sneaky too: It displays a fake caller ID to make it appear as though the call is really from the legitimate bank.
Symantec said in a blog post that at least 22 fake mobile apps, found in third-party Android markets and on some social media sites, are targeting Korean bank customers with the malware. Fakebank typically collects bank SMS messages, records phone calls to banks and displays a fake bank login user interface to victims; the ability to intercept incoming and outgoing calls is a new capability.
“The Fakebank Android malware could soon be a model adopted by malware makers in parts of the world outside South Korea,” said Paul Bischoff, privacy advocate at Comparitech, via email.
Even though the attack uses a fairly novel approach to scam users, Android owners can avoid it using the same best practices used to avoid any other type of malware, he added: “First, update Android to the latest stable version. The newest release, Oreo, prevents the caller ID from being spoofed by the malware. Avoid downloading apps and files from unknown sources. Don't trust apps from third-party app stores, and be wary of links in web pages and emails. It’s also important to review and limit the permissions of apps you install, and to install and run antivirus regularly.”
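One way to act on the "review and limit permissions" advice is to triage installed apps for the permission mix that the capabilities attributed to Fakebank (SMS collection, call recording, a fake login overlay, call interception) would require. The script below is an added example, not Symantec's or Comparitech's code; the Android permission names are real, but the capability-to-permission mapping, the flagging threshold and the `dumpsys package`-style sample dump are this example's own assumptions.

```python
import re
# Permissions an app needs for each capability attributed to Fakebank.
# Permission names are real Android ones; the mapping is this example's assumption.
CAPABILITY_PERMS = {
    "sms_collection": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_recording": {"android.permission.RECORD_AUDIO"},
    "fake_login_overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "call_interception": {"android.permission.PROCESS_OUTGOING_CALLS", "android.permission.CALL_PHONE"},
}

def parse_dumpsys(text):
    """Return {package: set(perms)} from the 'requested permissions:' blocks of a simplified dumpsys dump."""
    perms, pkg, in_block = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s*Package \[([\w.]+)\]", line)
        if m:
            pkg, in_block = m.group(1), False
            perms[pkg] = set()
        elif pkg and re.match(r"\s*requested permissions:", line):
            in_block = True
        elif in_block and line.strip().startswith("android.permission."):
            perms[pkg].add(line.strip().split(":")[0])  # drop any ': granted=...' suffix
        else:
            in_block = False  # any other line ends the requested-permissions block
    return perms

def triage(perms, threshold=3):
    """Flag packages whose permissions cover at least `threshold` of the capabilities."""
    flagged = {}
    for pkg, have in perms.items():
        caps = [c for c, need in CAPABILITY_PERMS.items() if need <= have]
        if len(caps) >= threshold:
            flagged[pkg] = caps
    return flagged
# Constructed sample dump for this example; not output from any real device.
SAMPLE = """\
  Package [com.example.bankclone] (1a2b3c):
    requested permissions:
      android.permission.READ_SMS
      android.permission.RECEIVE_SMS
      android.permission.RECORD_AUDIO
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.PROCESS_OUTGOING_CALLS
      android.permission.CALL_PHONE
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.voicememo] (4d5e6f):
    requested permissions:
      android.permission.RECORD_AUDIO
"""
```

On a real device the input would come from `adb shell dumpsys package`, and a flagged package is a candidate for review, not proof of infection, since a legitimate dialer or messaging app can request the same permissions.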