
Beware of Fake Calls! It’s not really your bank calling. Check Point Research draws attention to a new Android Malware

Highlights:

Background

When malware actors plan to enter a business, they can choose markets where, judging by past results, their profit is almost guaranteed to be worth the effort.

Recently, Check Point Research encountered an Android Trojan dubbed FakeCalls, malware able to masquerade as more than 20 financial applications and imitate phone conversations with bank employees. This kind of attack is called voice phishing (AKA vishing).

Vishing – a portmanteau of voice and phishing – attacks are performed over the phone and are considered a type of social engineering attack, as they use psychology to trick victims into handing over sensitive information or performing some action on the attacker’s behalf.

FakeCalls targets the South Korean market and has the versatility of a Swiss army knife: it not only carries out its primary aim but also succeeds in extracting private data from the victim.

Vishing attacks have a long history in the South Korean market. According to a report published on the South Korean government website, financial losses due to voice phishing amounted to approximately 600 million USD in 2020, with the number of victims reaching 170,000 people in the period from 2016 to 2020. Phishing scams in South Korea have caused more than $1.24 billion in damage over the past five years, with less than 30 percent of the stolen money being retrieved.

Voice phishing (AKA Vishing)

The idea behind voice phishing is to trick the victim into thinking that there is a real bank employee on the other side of the call. As the victim thinks that the application in use is an internet-banking application (or payment system application) of a real financial institution, there is no reason to be suspicious of an offer to apply for a loan with a lower interest rate – which is fake, of course. At this step, the malware actors can lay the necessary groundwork to understand how to approach the victim in the best way possible.

When the conversation takes place, the phone number belonging to the malware operators, which is unknown to the victim, is replaced by a real bank number. The victim is therefore under the impression that the conversation is with a real bank and its real employee. Once trust is established, the victim is tricked into “confirming” their credit card details in the hope of qualifying for the (fake) loan.

The list of organizations that were mimicked includes banks, insurance companies, and online shopping services.

This is the principal scheme of the attack:

When victims install the FakeCalls malware, they have no reason to suspect that some hidden “features” are included in the “trustworthy” internet-banking application from a solid organization.

Previously unknown evasion techniques detected

We discovered more than 2500 samples of the FakeCalls malware, which differ in their combination of mimicked financial organizations and implemented evasion techniques. The malware developers paid special attention to protecting their malware, implementing several unique evasion techniques that we had not seen in the wild before.

In our full research, we describe all the techniques we encountered, show how to mitigate them, dive into the details of the malware's functionality, and explain how to stay protected from this and similar threats.

How to Prevent Vishing Attacks

As with other social engineering attacks, user awareness is essential for prevention and protection. Some important points to include in cybersecurity awareness training are:

Check Point offers a range of solutions that can help organizations to mitigate vishing, phishing, and other related attacks. Check Point’s Harmony Email and Office includes anti-phishing protections and can help detect attempted data exfiltration inspired by a vishing attack.

Check Point’s Harmony Mobile prevents malware from infiltrating mobile devices by detecting and blocking the download of malicious apps in real time. Harmony Mobile’s unique network security infrastructure – On-device Network Protection – allows you to stay ahead of emerging threats by extending Check Point’s industry-leading network security technologies to mobile devices.
