Fakecalls, the Trojan that imitates telephone calls
Do you really know who’s calling?
“Fakecalls” is malware able to intercept telephone calls, reproduce voice messages and spy on infected devices. Evidence suggests that use is restricted to South Korea for now, though signs point to sophisticated advances in the world of cybercrime, which may not take long to spread around the world.
How the Fakecalls Trojan works
Fakecalls is a Trojan horse disguised – and very well disguised – as a banking application. In cases that have been identified and analyzed, it simulates the interface of two of South Korea’s leading banks. Name, logo, colors and even the telephone numbers informed on the false app imitate the original version.
As soon as it’s downloaded, the app requests a series of permissions, like access to the microphone, location, contact list... With this, besides spying on device usage, criminals can intercept calls, falsify numbers, alter your call history and loads more.
Fakecalls Trojan strategies and dangers
-
Interception of calls to banks: contrary to banking Trojans, Fakecalls can imitate customer support calls. If a victim calls the bank telephone directly, the Trojan discretely interrupts the connection and opens a fake call screen. The call seems normal, but, in truth, hackers are actually in control.
-
Fake telephone calls: besides intercepting calls that you make from your device, criminals use Fakecalls to contact victims, too, falsifying the number that appears. This is made possible by the Trojan horse, which displays its own screen over the system screen, thus victims don’t see the real number being used by criminals, instead they see one being exhibited by the Trojan horse, like that of a banking support service.
-
Automated voice messages: this is one of Fakecalls’ unique features. Besides spying on hacked devices and managing to alter calls, this Trojan can also reproduce previously recorded messages, very similar to those used by bank call centers. It’s as though a caller is actually speaking with the user.
All these strategies are aimed at securing a user’s private information, especially banking information, to gain access to accounts and steal a victim’s money. However, these aren’t the only concerns surrounding Fakecalls.
Fakecalls spy tools
Fakecalls also features spy resources typical to banker Trojans. Using all the permissions granted at the time of installing the app, the threat can come in many forms. Once on the device, the malware can:
-
Activate the telephone microphone and send recordings.
-
Secretly transmit audio and video from the telephone in real-time.
-
Determine the device’s location.
-
Copy the contact list.
-
Copy files like photos and videos.
-
Access call history and SMS.
How to remain safe from Fakecalls and other banker Trojans
The good news is that, as powerful and innovative as Fakecalls malware may be, the tips to avoid it are pretty simple.
-
Only download apps from official stores, preferably through links available on the developer’s official website.
-
Don’t provide unnecessary permission to just any app. If an application requests excessive permission, which doesn’t really correspond to its function, deny and double-check the origin of the app.
-
Never provide confidential information over the telephone. Banks never request this type of data over the phone.
Article originally written in Portuguese by Perallis Security Content Team: Fakecall, o trojan que imita ligações telefônicas — Perallis Security