BGR cited a recent report from the zLabs research group saying that a recently upgraded piece of malware allows crooks to impersonate voices to steal sensitive information such as credit cards and user accounts.
Dubbed FakeCall, the malware uses a technique called “vishing” – voice phishing, to trick victims into revealing sensitive information such as credit card numbers and banking information through phone calls. fake phone calls and voice messages.
FakeCall sneaks into the victim's phone by disguising itself as a call utility (with an APK file extension) on 3rd party application stores.
“Imagine you call your bank but the person on the line is a hacker. That is exactly what FakeCall malware can do,” the report said.
According to experts at zLabs, this is an extremely sophisticated attack that takes advantage of malware to take almost complete control of mobile devices, including blocking incoming and outgoing calls. Victims are tricked into calling fake phone numbers planted by attackers.
FakeCall sneaks into the victim's phone by disguising itself as a call extension (with an APK file extension) on 3rd party app stores. Once this malware is installed, it prompts users set it as the default app – this helps it manage incoming and outgoing phone calls.
The first dangerous point is that it can modify the called number, replacing it with a malicious number, tricking users into making fraudulent calls. Second, it can block and control incoming and outgoing calls, secretly making unauthorized connections.
“If the victim calls their bank or credit card company, the app displays the number they called, while discreetly redirecting the call in the background, thus tricking the victim into revealing their information. about credit cards, banks, etc.,” the report said.
Users can only know when they delete the malicious app or restart the device.
Users are advised to remove untrusted calling applications from their phones.
To avoid being infected with this scary Android malware, users should not download APK files from third parties. Only install applications available on the Google Play Store, where applications are strictly tested by Google.
According to recommendations from Forbes, users should ensure that the default Phone application on the device has not been changed, remove unreliable calling applications from the phone, and do not grant accessibility permissions to third-party applications. 3rd into the call and always turn on Google's Play Protect feature.
