Kaspersky Lab warned about the interception of user calls to banks

Experts from Kaspersky Lab told about the detected banking Trojan called Fakecalls. It can intercept user calls to financial institutions, such as bank help desk.

According to experts, the malware masquerades as banking applications of well-known South Korean banks. Under the guise of employees of a financial organization, attackers can try to extract payment data or other confidential information from victims.

When a person calls the bank’s hotline, the Trojan opens a fake call screen, and then events develop according to one of two options. First, Fakecalls connects the victim directly to the attacker, who poses as a support person. Second, while the connection is in progress, the Trojan plays short audio recordings in Korean. The entry might be something like this: “Hello, thank you for calling our bank. Our call center is currently handling a high volume of calls. The consultant will contact you as soon as possible. This allows attackers to gain confidence in the victims and receive valuable information from them in the course of a further conversation, including bank account details.

Once installed, the Fakecalls app asks for a lot of permissions, such as access to contacts, microphone, camera, geolocation, and call control. With their help, the malware can drop incoming calls and delete them from the history on the device, for example, if a real representative of the bank tries to get through to the client.

The attackers use the logos of real banks and show real support numbers that match those that can be found on the official websites of banks. However, the authors of Fakecalls did not take into account that different bank customers may use different interface languages, such as English instead of Korean. The Trojan’s screen only shows the Korean version and, accordingly, some users may recognize the trap.