Skip to main content
Cybersecurity

Vishers are upping their game with a new FakeCall malware variant

The new variant is capable of rerouting a victim’s call to their financial institution to a fraudulent number.
article cover

Illustration: Anna Kim, Photo: Adobe Stock

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Vishers are coming in hot this year thanks to a new variant of an Android trojan that would enable them to reroute a victim’s call to their financial institution to a fraudulent number.

Researchers from Zimperium have raised the alarm on new functionalities available to attackers who are using FakeCall, malware that relies on voice phishing to deceive victims into giving up sensitive information, as part of their attack schemes.

According to an October blog post, the attack is executed when a victim downloads an APK file, which serves as the dropper for the malicious payload, on their Android mobile device. Once the victim has the app installed, they are prompted to make it their default “call handler.” From there, victims are presented with a convincing fake user interface that mimics their Android’s call interface.

New features unlocked. The FakeCall malware—which has been detected as early as 2022 by a handful of threat intelligence groups—communicates with a command-and-control server to perform duplicitous actions. With the latest variant, attackers are capable of replacing a dialed number with a malicious one and controlling incoming and outgoing calls. Zimperium researchers wrote in the blog post that these tools would allow attackers to discreetly divert a victim’s phone call to the bank to a fake number in order to gain sensitive information.

Other new functionalities associated with the recent variant include Bluetooth and screen receivers, which would permit an attacker to monitor changes to a victim’s Bluetooth setting and their screen’s state. However, the researchers note that these functions had no malicious activity found in their source code.

Swindled. Vishing has continued to be a popular attack vector used by bad actors. A 2022 Fortra report found that vishing cases increased almost 550% between 2021 and 2022.

The new strain of malware serves as a tool for attackers to execute more sophisticated vishing attacks. Kern Smith, VP of global sales engineering at Zimperium, told IT Brew that the latest research demonstrates how these attackers are becoming more “inventive” in how they leverage seemingly innocent permissions for nefarious purposes.

“These apps are asking for legitimate permissions on Android devices that other legitimate apps need to have to do their job,” Smith said. “It’s just in this case, these apps are abusing those permissions through no fault of Android or iOS or any operating system.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.