What is Android Fakebank?

Latest News

What is Android Fakebank?

There has been a new behavior noted under some apps infected by Android.Fakebank. What is Fakebank you ask? It is a malware (app) by way of which hackers intercept the phone calls which customers dial to or receives from their banks.

Now as you may have guessed that it is due to third-party Android apps which we so willingly allow by denying prompts displayed by Android. The revelations brought 22 apps to the scene. And it was mainly Korean bank clients – affected the most.

What the app actually entails?

Upon further inspection, you will note that Fakebank variants are already widespread in the market which focuses on gathering clients’ bank SMS, in addition to recording phone calls and presenting the client with a fake login UI.

The user upon launching the app inadvertently enter his login information thereby giving away personal data to the command and control server. Next, the server will share configuration which displays phone numbers for scam purposes.

The malware app receives the following numbers:

  • 1. phoneNum_ChangeNum
  • 2. phoneNum_To
  • 3. phoneNum_Come
  • 4. phoneNum_ShowNum

These numbers deceive the client into believing that the numbers belong to the bank while calling or vice versa (appearing as if the call is from the bank).

When this is the case the malware tends to intercept any or all calls which the customer shares over the phone. Just so you know the following API aka associated permission is at the helm of such large-scale deception.

android.permission.SYSTEM_ALERT_WINDOW

The malware above has over the period of time evolved across Android devices. If you are using a version of Android which is earlier than Android 6, the permission prompt will appear at the time of installation.

In Android version 6 and 7, the prompt dialog does not even appear. Moreover, it not only engages the user into conversations with scammers but also, send all call logs to the command and control center (C&C for short).

The malware app has even customized itself to the layouts which are most popular in Korea.

Is there a way to mitigate this?

As with everything, you have to exercise extreme caution when using apps including keeping your anti-malware software on mobile up-to-date. Moreover, refrain from downloading applications other than Google Play store.

It is common in third-party apps since they come riddled with malware. So download and install from trusted sources. Read every instruction by any app thoroughly when prompted. Many threats will automatically curtail at this point if we only start paying attention.

Lastly, always make sure to back up your data.