FakeCalls Impersonates Leading Financial Institutions, Targets South Korea

A new Android vishing malware, dubbed FakeCalls, is targeting individuals in South Korea in an attempt to steal financial details. Considered a multitasking malware, FakeCalls offers fake loans with low interest rates from leading financial institutions in the region, tricking victims into handing over sensitive information.

Hackers’ bait

Check Point researchers discovered more than 2,500 samples of the FakeCalls malware that imitate internet-banking apps from 20 leading banks, insurance companies, and online shopping services, as well as telephone conversations with bank employees.
  • During the conversation, the operators replace the displayed phone number with a real bank number to look authentic.
  • Once trust is established, the victims are tricked into confirming their credit card details in the hope of qualifying for a (fake) loan.
  • When victims install the FakeCalls malware, which is disguised as a banking app, it uses hidden features to extract private data from the victim’s device without raising any suspicion.

Evasion techniques

The malware operators implement several unique and effective anti-analysis techniques to evade detection.
  • The malware reads its data via dead drop resolvers in Google Drive or on an arbitrary web server, which keeps its real C2 servers hidden.
  • Although no further details were revealed about the other evasion tactics, experts stated that several of these tactics were unique and had been observed for the first time in the wild.

Summing up

FakeCalls is consistently targeting financial institutions in South Korea. The malware operators can reuse the same tricks and approaches in other applications targeting other markets around the globe. To stay protected, experts suggest downloading apps only from official and reliable sources.
Cyware Publisher
