Symantec describes some Android banking malware making things more complicated for victims in Russia and South Korea:
Typically, when a banking customer calls a customer care number through a registered mobile device, their call will be routed to an Interactive Voice Response (IVR) System. By blocking these numbers, the malware creators can stop a victim from asking their bank to cancel payment cards that the variants stole. This also gives the malware more time to steal data from the compromised device. Affected users can still find other channels, such as email or landline calls, to reach customer care.
We’re used to seeing malware preventing victims from reaching anti-virus company websites, now we have banking malware stopping you from calling the banks.
Although this particular malware appears to be targeting Russians and South Koreans, there is clearly the opportunity for this technique to be used elsewhere in the world.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.