loader image

There’s a new strain of malware that specifically targets Android users that you should be aware of.  Dubbed simply “Fakecalls,” it is a banking trojan that boasts a powerful new ability we haven’t seen before in the malware world.  It can fake a call from your bank.

On its face, it looks like most of the other mobile banking apps that Android users install.  The graphics are well-done and it’s a convincing copy of the banking software that it seeks to emulate. It displays a very accurate corporate logo and also includes a customer support number for the bank.

Here’s where it gets interesting.  The number shown is the actual customer support number of the bank, but when the user attempts to call that number, the malware will break the connection and display a dummy call screen which is virtually identical to the real one.

The victim still sees the bank’s genuine customer support number on the screen. So, by all outward appearances, nothing has changed. However, the connection that ultimately gets made isn’t to a bank employee but one of the hackers controlling the malicious code.

Naturally the representative will be asking for several sensitive pieces of information to “verify the identity” of the victim who’s calling in. Then, every bit of the information gathered will be used against the victim later.

If there’s a silver lining to be found here it lies in the fact that so far, this app is only offered in Korean. Outside of South Korea you don’t see it very often.  If you do business in that part of the world, you may have some exposure to it.

According to Kaspersky Lab, the malware can only be found on third party sites so it hasn’t penetrated the Google Play Store.  If you steer clear of those third-party sites for downloading apps even if you do business in South Korea your exposure should be quite limited.


FREE Report

The Portland Metro Area Guide to IT Support Services and Fees

What you should expect to pay for its support for your small business (and how to get exactly what you need without unnecessary extras, hidden fees, and bloated contracts)

This field is for validation purposes and should be left unchanged.