A new threat known as Fake Call malware is becoming a major concern for millions of Android users. This menacing malware is designed to steal banking information from smartphones and relay that information to hackers. Additionally, it hijacks incoming banking calls on users' phones, creating a significant risk for anyone using online banking services.
First identified by Kaspersky in 2022, the latest version of the Fake Call malware has evolved into an even greater threat. Reports indicate that this upgraded version allows hackers to remotely take control of smartphones. Cybersecurity firm Zimperium has sounded the alarm about this enhanced malware, which employs a technique called Vishing, or voice phishing. Through this method, users are targeted via fraudulent banking calls or voice messages.
Here’s how it operates:
Hackers distribute this malware to Android smartphones using APK files. Once a user instals an app from an APK, the Fake Call malware prompts them to set it as the default dialer and requests various permissions. Users often unwittingly grant these permissions, allowing hackers to continuously access information about incoming calls and those dialled out.
To avoid detection, this malware also utilises a Fake UI, mimicking legitimate user interfaces. It typically hides within third-party apps and dubious download platforms. By installing any app from an untrusted source or APK, users risk allowing this malware to infiltrate their devices and gain control.
So, how can you protect yourself?
- To keep this type of malware at bay, remember to only download apps from the official Google Play Store.
- Avoid installing apps from any third-party app stores or websites, and steer clear of APK file installations.
- Furthermore, be cautious when granting app permissions—unnecessary permissions can give access to your phone’s camera, microphone, and more.
ALSO READ: Samsung to return to mixed reality device market after 10-year absence with launch of new devices
