According to a report from mobile security platform Zimperium, threat actors are using a modified version of Android malware, dubbed “FakeCall,” taking control of phone dialers and intercepting calls made to banks.
- “FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming and outgoing calls. Victims are tricked into calling fraudulent phone numbers controlled by the attacker and mimicking the normal user experience on the device.”
First reported by Kaspersky in 2022, the attack mimicked banking apps and let users make calls through them. Attackers would overlay the bank’s actual number on victims’ screens and then impersonate bank employees when the victim called the number, thereby obtaining users personal banking information.
Ted Miracco, CEO, Approov had this to say:
“Google’s isolated approach to Android security has proven insufficient, as exemplified by recurring threats like ‘FakeCall.’ Dismantling Google’s monopolistic Play Store and fostering competitive app stores with open standards for security—including attestation and a transparent rating system—would empower consumers with clearer insight into app risks and access to safer, rigorously vetted applications.”
The fact that this was first discovered in 2022 and is still around today shows that there needs to be a new approach to keep this sort of malware from being a problem. Hopefully Google who is in all sorts of trouble when it comes to the Play Store can come to the table with something that addresses this once and for all.
Related
This entry was posted on November 1, 2024 at 3:21 pm and is filed under Commentary with tags Google. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Uncovering the Evolving Functionality of FakeCall Malware
According to a report from mobile security platform Zimperium, threat actors are using a modified version of Android malware, dubbed “FakeCall,” taking control of phone dialers and intercepting calls made to banks.
First reported by Kaspersky in 2022, the attack mimicked banking apps and let users make calls through them. Attackers would overlay the bank’s actual number on victims’ screens and then impersonate bank employees when the victim called the number, thereby obtaining users personal banking information.
Ted Miracco, CEO, Approov had this to say:
“Google’s isolated approach to Android security has proven insufficient, as exemplified by recurring threats like ‘FakeCall.’ Dismantling Google’s monopolistic Play Store and fostering competitive app stores with open standards for security—including attestation and a transparent rating system—would empower consumers with clearer insight into app risks and access to safer, rigorously vetted applications.”
The fact that this was first discovered in 2022 and is still around today shows that there needs to be a new approach to keep this sort of malware from being a problem. Hopefully Google who is in all sorts of trouble when it comes to the Play Store can come to the table with something that addresses this once and for all.
Share this:
Like this:
Related
This entry was posted on November 1, 2024 at 3:21 pm and is filed under Commentary with tags Google. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.