One of the last dependable customer service experiences we have left is being able to call our banks and talk to a real person, even if it means waiting on hold. But recent developments in Android malware may make users think twice before making that next bank call. The new trojan malware, known as “FakeCall” or “FakeCalls,” has emerged, intercepting calls to banks and rerouting them to hackers, leaving the caller completely unaware of the shift.
According to BleepingComputer, the malware has been active for over two years, but recent iterations have become more complex and stealthy. Initially disguised as a legitimate banking app, FakeCalls now hides on users’ devices as a sideloaded APK, which gains permission to become the default call handler, effectively replacing the device’s standard dialer. Once installed, the malware runs in the background, waiting for users to dial a bank’s customer service number. If it detects such a call, it reroutes the call to a hacker posing as a bank employee. Masked by a spoofed visual element, the hacker collects sensitive information like account numbers and security details, gaining access to drain the user’s accounts.
FakeCalls can also initiate fake calls from the “bank” to the user, among other devious tricks. More concerning is its ability to monitor Bluetooth connections and manipulate Android’s accessibility tools to fake interface elements, making it even more difficult to detect. While it hasn’t shown up on the Google Play Store, security firm Zimperium has identified several APK variants in the wild, disguised under names like com.securegroup.assistant.
As a precaution, users are advised to avoid downloading apps from unverified sources, as malware often enters through sideloaded APKs. Staying vigilant and sticking to trusted app sources remains crucial for Android users.