The Android malware known as FakeCalls has reemerged since its discovery by Kaspersky in April 2022, and it is affecting residents in South Korea by stealing credit card credentials. It achieves this by impersonating financial institutions and tricks users into believing that they are signing up for a low-interest loan. By using masked phone calls and pre-recorded audio, victims are tricked into believing that they are speaking with a bank’s customer support representative. The app also requests permissions to exfiltrate sensitive data such as live audio and video streams to a remote server. Further analysis shows that the malware has also employed various techniques in order to hide from detection. While the app is only limited to Korea so far, it is possible that it could be modified to affect other regions around the world, with the top countries affected by mobile financial threats being Spain, Saudi Arabia, Australia, Turkey, China, Switzerland, Japan, Colombia, Italy, and India. Additionally, this discovery comes in the wake of other Android banking Trojans such as Nexus and GoatRAT being found by researchers.
