Vishing, Mishing Go Next-Level With FakeCall Android Malware

Published: 23/11/2024   Category: security




A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.



A new variant of a sophisticated malware that helps attackers carry out advanced voice and mobile phishing (aka vishing and mishing) attacks against Android users has evolved with new capabilities that extend attackers' control over compromised devices to commit further malicious activities.
FakeCall, a malware that's been tracked by various research groups since at least 2022, conducts the attacks by tricking victims into calling fraudulent phone numbers controlled by the attacker, and then impersonating a typical conversation with bank employees or other entities aimed at defrauding the user in some way.
FakeCall's capability has historically rested on its design for communicating with an attacker-controlled command-and-control (C2) server, which enables it to execute a range of actions aimed at deceiving the end user. In addition to allowing attackers to control a person's phone calls, it also lets them obtain various Android device permissions for other malicious activity.
Researchers at Zimperium zLabs have now discovered a new variant of FakeCall that adds novel capabilities (some of which appear to be under development) that give attackers even more ability to monitor people's device activity and control the device with even more precision, they revealed in a blog post published today.
The variant demonstrates attackers coming up with new and strategic ways to create a more seamless integration with Android devices, which can help the malware avoid detection and remain active on a user's device without them knowing, the researchers found.
Specifically, one of the features allows for the malware to integrate with Android's Accessibility Service to give attackers significant control over the user interface and the ability to capture information displayed on the screen, according to the post.
The feature demonstrates how attackers can evolve past simple device permissions to abuse an even more complex attack vector, granting attackers near-total control to intercept calls, access sensitive data, and manipulate the user interface, notes Jason Soroko, senior fellow at Sectigo, a provider of certificate life-cycle management (CLM).
By seamlessly mimicking legitimate interfaces, attackers also are making detection by users nearly impossible, he says, highlighting a critical need for advanced security solutions capable of detecting this threat.
Other new features extend FakeCall's persistent spyware capabilities, which have existed since it was first discovered and set it apart from other vishing and mishing attacks, which tend to be a one-time engagement. One of these is a Bluetooth receiver that acts as a listener to monitor Bluetooth status and changes, while the other is similar, but it acts as a screen receiver to monitor the state of the device's screen.
FakeCall was first detailed by researchers at Kaspersky in April 2022 as a banking Trojan with extended capability to intercept calls that users make with their banks, to create a fake customer-service experience for malicious purposes.
The malware also had some spyware capabilities, including a feature to turn on a device's microphone and send recordings from it to an attacker's C2 server; the ability to secretly broadcast audio and video from the phone in real-time; and the option to pinpoint device location.
A typical FakeCall attack begins when victims, through a phishing attack, download a malicious APK file (masquerading as a legitimate app) onto an Android mobile device; the APK acts as a dropper for FakeCall. When launched, the app prompts the user to set it as the default call handler and, once designated, attackers can manage all incoming and outgoing calls. The malware then displays a custom interface mimicking the native Android dialer, seamlessly integrating its malicious functionality.
While the primary function of FakeCall is to monitor outgoing calls and transmit info to attackers via a C2 server, cyberattackers also can commit other malicious activities using the malware. These include identity fraud, which can be done by exploiting FakeCall's position as the default call handler. The malware can modify the dialed number, replacing it with a malicious one and thus deceiving users into making fraudulent calls.
Attackers also can use FakeCall's adversary-in-the-middle (AitM) approach to hijack incoming and outgoing calls, to make unauthorized connections with other mobile device users. In this case, users may be unaware until they remove the app or restart their device, according to the post.
As vishing and mishing attacks have become a worldwide epidemic that defrauds users of millions of dollars annually (including even the most tech-savvy individuals), it's imperative that people learn to defend themselves from sophisticated versions of these attacks, experts say.
One way to do this is to scrutinize carefully any Android apps being downloaded or used on devices, and to only acquire apps from trusted app stores, Soroko says.
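A static triage check for the capability pairing described above (an app able to become the default call handler that also declares an Accessibility Service), given as an added example that is not code from the article or from the researchers it cites. It assumes the APK's manifest has already been decoded to plain XML (for example with apktool); the sample manifest and its component names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
INCALL_PERM = "android.permission.BIND_INCALL_SERVICE"
DIAL_ACTION = "android.intent.action.DIAL"

# Constructed sample manifest (not taken from any real FakeCall sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.banking">
  <application>
    <activity android:name=".DialerActivity">
      <intent-filter><action android:name="android.intent.action.DIAL"/></intent-filter>
    </activity>
    <service android:name=".CallService"
             android:permission="android.permission.BIND_INCALL_SERVICE">
      <intent-filter><action android:name="android.telecom.InCallService"/></intent-filter>
    </service>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Report call-handling and accessibility components declared in a manifest."""
    root = ET.fromstring(xml_text)
    services = {ACCESSIBILITY_PERM: [], INCALL_PERM: []}
    for svc in root.iter("service"):
        perm = svc.get(ANDROID + "permission")
        if perm in services:
            services[perm].append(svc.get(ANDROID + "name"))
    dialers = [act.get(ANDROID + "name") for act in root.iter("activity")
               if any(a.get(ANDROID + "name") == DIAL_ACTION for a in act.iter("action"))]
    # Default-dialer capable: an in-call service plus an activity handling DIAL.
    dialer_capable = bool(services[INCALL_PERM] and dialers)
    return {
        "accessibility_services": services[ACCESSIBILITY_PERM],
        "incall_services": services[INCALL_PERM],
        "dial_activities": dialers,
        "dialer_capable": dialer_capable,
        # The pairing described in the article: call handling plus accessibility.
        "review": dialer_capable and bool(services[ACCESSIBILITY_PERM]),
    }
```

Legitimate dialer and assistive apps declare these components too, so a `review` result of `True` is a prompt for closer inspection of the app's origin and behavior, not a verdict.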
FakeCall is especially dangerous to enterprises given that mobile these days is a primary tool for doing business. This makes compromise of that device potentially catastrophic, notes Mika Aalto, co-founder and CEO at Hoxhunt, a human risk-management platform.
To avoid this scenario, the most important thing that companies can do, Aalto says, is to equip senior management and employees with the skills and tools to recognize and safely report a mobile phishing attack.
