This Android malware redirects calls you make to your bank to go to scammers instead

Researchers at Symantec are warning of a new variant of the Fakebank Android malware family that has an unusual twist.

Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank.

Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank.

Sign up to our newsletter
Security news, advice, and tips.

Very sneaky.

Security measures built into Android 8 (Oreo) and later prevent the true caller’s ID from being overlaid, and so that part of the deception won’t work. Of course, many Android users have experienced great difficulties in finding a way to update their older Android devices.

Other measures Android users should take is to exercise greater care about the apps that they install – being wary of apps distributed via unofficial markets, and being careful to review the permissions requested by an app upon installation.

Apps infected with the Fakebank malware are being distributed via social media and third-party Android markets. The malware has only been seen targeting South Korean banking customers so far, but if the tactic is successful we shouldn’t be surprised if it is used elsewhere.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.