A Fakebank variant of Bank Trojan can intercept calls and connect victims to scammers

Security company Symantec said on Thursday that they discovered a new variant of Fakebank when analyzing malware-infected Android applications and are targeting South Korean bank customers. A total of 22 malicious applications were discovered, all of which originate from third-party Android app stores and some social media sites.

Fakebank is a bank Trojan program that uses screen overlap coverage to steal victim’s bank account details. Simply put, when the victim opens a legitimate mobile banking application, Fakebank will use a fake login interface to cover the entire mobile phone screen in order to intercept the bank account and password entered by the victim.

Image: Symantec

According to relevant data, Fakebank also has other functions in addition to screen overlay coverage, such as controlling the opening or closing of network connections of infected devices, checking whether the device is installed with anti-virus software, and using TeamViewer to grant attacker pairs Full access to infected devices, etc.

Although Fakebank’s previous versions already have so many features, the new variant that Symantec discovered is unique. The new variant includes not only all the features of the previous version but also the ability to intercept the victim’s call to the bank and connect the phone to the scammer’s number.

When a bank customer tries to call a customer service phone, this new variant of FakeBank intercepts the call and converts the dialed number to a pre-configured number in its profile. In this case, the phone number that the bank customer eventually dialed was not the customer service of the bank, but the operator behind FakeBank.

Similarly, FakeBank operators can actively call bank customers through phone numbers that are pre-configured in the malware configuration file, and the numbers appear to come from the bank. Obviously, this will allow the fraud to proceed, and it is not easy to cause the suspicion of the victim.

Mitigation
Symantec recommends users follow these best practices to stay protected from mobile threats:

• Keep your software up to date
• Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
• Pay close attention to the permissions requested by apps
• Install a suitable mobile security app, such as Norton, to protect your device and data
• Make frequent backups of important data

Source: Symantec