FakeCall Android malware variant redirects victim’s calls to cybercriminals

A variant of FakeCall ‘malware’ has expanded its capabilities to not only deceive the victim with fraudulent calls, but also intercept their own calls to redirect them to numbers controlled by cybercriminals in order to steal their sensitive data.

Researchers at security firm Zimperium have noticed a variant of Android malware known as FakeCall, designed to trick victims through fraudulent calls.

FakeCall is a threat that is mainly distributed through ‘phishing’, that is, emails that pretend to come from a legitimate sender, tricking the victim into downloading a file.

Once it is on the Android phone, it installs a malicious payload to connect to a command and control server managed by cybercriminals.

In this way, they manage to take control of the device, making it easier to carry out actions on it. In the case of the variant analyzed, it can camouflage the number of a fraudulent call and intercept the calls that the user receives or makes to redirect them to a fraudulent number, as reported on their official blog.

In both cases, the objective is to trick you into providing personal and sensitive data, such as your card or bank account number or access credentials to certain digital services.

Zimperium’s investigation has identified 13 apps and two dex files associated with the FakeCall campaign.

By Editor

Leave a Reply