Researchers at Symantec are warning of a new variant of the Fakebank Android malware family that has an unusual twist.
Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank.
Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank.
Security measures built into Android 8 (Oreo) and later prevent the true caller’s ID from being overlaid, and so that part of the deception won’t work. Of course, many Android users have experienced great difficulties in finding a way to update their older Android devices.
Other measures Android users should take is to exercise greater care about the apps that they install – being wary of apps distributed via unofficial markets, and being careful to review the permissions requested by an app upon installation.
Apps infected with the Fakebank malware are being distributed via social media and third-party Android markets. The malware has only been seen targeting South Korean banking customers so far, but if the tactic is successful we shouldn’t be surprised if it is used elsewhere.