Summarised by Centrist
An updated version of the Android malware FakeCall has emerged, enabling cybercriminals to intercept calls to banks by taking over phone dialers. Initially spotted in 2022, FakeCall mimics banking apps and tricks users into setting it as the default calling app on their devices.
Once activated, it reroutes calls meant for the bank to the attacker’s number, allowing scammers to impersonate bank employees. “Users will be unaware of the takeover until they uninstall the malicious app,” explains malware researcher Fernando Ortega.
The malware’s latest upgrades improve its control over infected devices. It can now monitor Bluetooth status, track screen activity, and even grant permissions to apps without the user’s consent. This gives attackers the ability to access data on the device remotely, so it’s important for users to avoid downloading app installer files (APKs), which set up and run apps on your device, from untrusted sources.
Security experts recommend sticking to vetted apps and considering Android antivirus options for added protection against this sophisticated threat.
