This is ‘Fakecalls’, the Trojan that poses as a bank ‘app’ and imitates your phone conversations

Analysts from the multinational company dedicated to cybersecurity and privacy, Kaspersky, have discovered a Trojan that, under the name ‘Fakecalls’, pretends to be a banking application and tries to get payment details from the victim and confidential information over the phone.

The ‘Fakecalls’ Trojan imitates both the ‘apps’ of the most popular South Korean banks and their telephone customer service, according to Kaspersky in a statement. The researchers discovered it in January 2021 after verifying that, when a victim calls the bank’s hotline from the ‘app’ believing that it is the original, the Trojan opens its own fake call.

‘Fakecalls’ works in two ways. On the one hand, it is capable of monitoring incoming calls from real banks to prevent them from contacting your customer, unlike the usual banking Trojans.

To do this, and after being installed, the ‘app’ asks for a series of permissions such as access to contacts, microphone, camera, geolocation and call management, which allow it to discard incoming calls and delete them from the device history.

On the other hand, the Trojan can spoof outgoing calls, those made directly by the victim, so that cybercriminals can contact them. To carry out her deception, he displays his own calling screen on top of the system one. Thus, the user does not see the actual number usedbut rather the phone number of the bank’s helpdesk displayed by the Trojan.

In this sense, ‘Fakecalls’ completely mimics the mobile applications of well-known South Korean banks. They insert the actual bank logos and display the actual support numbers as they appear on the front page of their official websites.

There are two possible scenarios that unfold after intercepting the call. In the first, ‘Fakecalls’ connects the victim directly with cybercriminals posing as the bank’s customer service. In the second, the Trojan plays prerecorded audio that mimics a standard greeting and conversation using an automated voicemail.

The Trojan also inserts small audio fragments for greater realism. For example, “Hello. Thank you for calling our bank. Our call center is receiving a high call volume. An advisor will speak with you as soon as possible.”

This strategy allows them to gain the trust of their victims by making them believe that the call is real. The main objective of these types of calls is to extract as much vulnerable information as possible, including their bank account details.

Kaspersky clarifies that the cybercriminals who use this Trojan have not taken into account that some of your potential victims may use different interface languagesfor example, English instead of Korean.

The screen of Fakecall, the ‘app’ that this ‘malware’ masquerades as, only has a Korean version, which means that some of the users who use the English interface language will notice the threat .

How to avoid falling for these types of scams

Kaspersky analysts offer several tips for the user to avoid falling for this type of scam. One of them is download only apps from official stores because they check all the programs and, in case of detecting ‘malware’, it is usually eliminated quickly.

Nor should you allow installation from unknown sources, and pay attention to the permissions that applications ask for, especially “potentially dangerous” ones, such as access to calls, text messages or accessibility.

The team of experts at the cybersecurity company also advises never to give out sensitive information over the phone. Remember that real bank employees will never ask for online banking access credentials, PIN, card security code or text message confirmation codes. In case of doubt, it is advisable to go to the bank’s official website and find out what employees can and cannot ask.

Finally, it is recommended to install a reliable security solution that protects all user devices from banking Trojans and other malicious programs. (I)