Devious FakeCall Android Malware Hijacks Bank Calls To Pick Your Pocket
In the version seen back in 2022, FakeCall tricked users with an app that made it appear as if they were calling their bank when the call was really going to the threat actor. This time around, FakeCall sets itself up as Android’s default call handler after gaining permissions on the victim’s device, essentially taking over all call-related duties. This method allows FakeCall to masquerade as the Android dialer, making it difficult for victims to detect that they’ve been compromised while it directs their calls to the scammers.
While this new version of FakeCall appears to still be in development with incomplete features, it already boasts upgrades over the prior version. These include using Android’s accessibility services to gain further control over the device, automatically granting itself permissions, recording video or audio, deleting apps, and obtaining location information. This is quite the set of tools for attackers to inflict maximum damage on their victims, and it will only become more dangerous as time goes on and the malware becomes more feature-complete.
These malware revival projects have become more and more common on Android, so users need to remain vigilant about the apps they choose to install on their devices. It’s recommended that users stick to the official Play Store and that they enable Play Protect to reduce the chance of falling victim to malicious apps.
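The two settings described above (the default call handler and the enabled accessibility services) can be audited over adb. The following is an added example, not code from the article or from any vendor; the dialer allowlist and the sample package `com.example.securebank.helper` are constructed assumptions, and a finding is a prompt for review, not proof of infection.

```python
"""Audit the default dialer and accessibility services on an Android device."""
import subprocess

# Assumption: dialers you expect on your devices; adjust for your OEMs.
EXPECTED_DIALERS = {
    "com.google.android.dialer",
    "com.samsung.android.dialer",
    "com.android.dialer",
}

def parse_accessibility(raw):
    """Return package names from the colon-separated component list."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting is unset when no service is enabled
        return set()
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def audit(default_dialer, accessibility_raw, expected=EXPECTED_DIALERS):
    """Return (finding, package) tuples for settings that deserve a closer look."""
    findings = []
    dialer = default_dialer.strip()
    a11y_packages = parse_accessibility(accessibility_raw)
    if dialer and dialer not in expected:
        findings.append(("unexpected-default-dialer", dialer))
    # Heuristic: one package holding both the call-handler role and an
    # accessibility service matches the behaviour the article describes.
    if dialer in a11y_packages:
        findings.append(("dialer-has-accessibility-service", dialer))
    return findings

def adb_shell(*args):
    """Run a command on the connected device; assumes adb is on PATH."""
    result = subprocess.run(["adb", "shell", *args],
                            capture_output=True, text=True, check=True)
    return result.stdout

# Constructed sample values, used when no device is attached.
SAMPLE_DIALER = "com.example.securebank.helper\n"
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.securebank.helper/.CallService\n")

if __name__ == "__main__":
    dialer_out = adb_shell("telecom", "get-default-dialer")
    a11y_out = adb_shell("settings", "get", "secure",
                         "enabled_accessibility_services")
    for finding, package in audit(dialer_out, a11y_out):
        print(f"{finding}: {package}")
```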