• Android malware “FakeCall” now reroutes bank calls to attackers

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Android malware “FakeCall” now reroutes bank calls to attackers

    Author
    Topic
    #2713648

    https://www.bleepingcomputer.com/news/security/android-malware-fakecall-now-reroutes-bank-calls-to-attackers/

    A new version of the FakeCall malware for Android hijacks outgoing calls
    from a user to their bank, redirecting them to the attacker’s phone number instead.

    The goal of the latest version remains to steal people’s sensitive information and money from their bank accounts…

    https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/..

    * Always install apps from Google Play (even though it has its share of malware apps too).

    1 user thanked author for this post.
    Viewing 0 reply threads
    Author
    Replies
    • #2713655

      Interestingly enough, the Eset Device Scan seems to do it’s thing daily, usually in the wee hours (4-6AM), even though I’m running the free version of Eset. Handy. I update each AM.

      Wish the article had named the app names this beast has been found in, although one could search for the individual file names on your device…

      In any case, stuff like this makes me just push back when the bank keeps trying to get it’s app on my phone. Nope. Not until I have to. Laptop, desktop, or actually (gasp) phone them.

      We had a tower go fritzy lasting two days here (Thank you, Mint/T-Mumble), and I could not get the 2FA codes; it took 20 bloody minutes of shenanigans to get into my account.

      Unfortunately, the harder you make it, the more things can go wrong. Happily, my bank has 24/7 live human support. Just had to fork over the last four of my SSN, phone number, password, my uncle’s favorite horse name, my shoe size and the color of my toilet roll… |:/>>>>

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      • #2713698

        In any case, stuff like this makes me just push back when the bank keeps trying to get it’s app on my phone. Nope. Not until I have to. Laptop, desktop, or actually (gasp) phone them.

        This malware doesn’t impersonate a bank app. It intercepts phone calls to a bank.

        A bank’s mobile app is the most secure method of remote banking:

        “I give bank apps on mobile devices the edge when it comes to safety,”

        Is It Safer to Bank by Phone or Computer? We Ask 3 Experts

        2 users thanked author for this post.
        • #2713738

          To be more complete, the nerdwallet link gives the opinions of three “experts”, one of which you quoted who gave the edge to bank apps on mobile devices.

          The second “expert” said either/or depending on one’s location (the either/or being computer or smartphone).

          The third “expert” said banking with computers in a secure environment was safer.

          Taken together the three opinions seem to average out to no safety advantage for either type of device.

          Each “expert” gives rationale for their opinion in the article.

          2 users thanked author for this post.
    Viewing 0 reply threads
    Reply To: Android malware “FakeCall” now reroutes bank calls to attackers

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: