The malware aims to stop customers of Russia and South Korea-based banks from cancelling payment cards that the malware stole. The latest version of the threat shows how Android banking malware continues to evolve.
Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed.
When a banking customer calls a customer care number through a registered mobile device, their call will be routed to an Interactive Voice Response (IVR) System. By blocking these numbers, the malware creators can stop a victim from asking their bank to cancel payment cards that the variants stole. This also gives the malware more time to steal data from the compromised device. Affected users can still find other channels, such as email or landline calls, to reach customer care.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now