FakeCalls malware developed three new ways to hide on Android devices

The creators of the FakeCalls malware, which targets Android devices, have developed three new ways to hide it in the system, in order to prevent security-focused tools and programs from discovering it.

This malware, discovered a year ago, is distributed in fake banking apps —about 20, according to CheckPoint— that pose as well-known financial institutions in South Korea, the country where these attacks are habitually perpetrated.

Cybercriminals create these fraudulent applications, which imitate the original ones, and use them to offer a loan at a lower interest rate than the one users are currently paying, to encourage them to sign up for the service.

Once the victims express their interest in this offer, the malware initiates a phone call that plays a recording from the bank explaining the procedure to obtain it, using a technique known as ‘voice phishing’ or ‘vishing’.

This fraudulent practice consists of making victims believe that they are communicating with a real bank employee. To do this, the attackers also mask their phone number with that of the financial provider, which leads users to trust the call and confirm their credit card details.

FakeCalls can also capture live video and audio streams from the compromised device, which could be used by scammers to gather additional information from victims.

The cybersecurity company has noted that the creators of this malicious software have developed three techniques to avoid being detected. The first is the so-called ‘multiple disc’ technique, which manipulates the data in the APK file’s ZIP header and sets it to high values.

This confuses the tools intended to analyze and detect this type of malware. Second, the malware manipulates the AndroidManifest.xml file, modifying its structure and causing it to be misinterpreted by the security system.

The third method used by cybercriminals is to add a large number of files inside nested directories in the APK folder, with paths exceeding 300 characters, which also prevents some security tools from detecting it.
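
A triage check for two of the three tricks described above (multi-disk values in the ZIP end record and entry paths over 300 characters), added here as an example and not taken from CheckPoint or the original article. Which ZIP fields to inspect is an assumption, since the article only says "ZIP header"; `triage_apk` and `build_sample` are hypothetical names, and the sample archive is constructed in memory.

```python
import io
import struct
import zipfile

EOCD = struct.Struct("<4sHHHHIIH")   # end-of-central-directory record (22 bytes)
CDH = struct.Struct("<4s6H3I5H2I")   # central directory file header (46 bytes)
MAX_PATH = 300                       # length threshold quoted in the article


def triage_apk(data: bytes) -> list:
    """Return findings for multi-disk ZIP fields and over-long entry paths."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0 or pos + EOCD.size > len(data):
        return ["no end-of-central-directory record found"]
    _, disk, cd_disk, n_disk, n_total, _, cd_off, _ = EOCD.unpack_from(data, pos)
    findings = []
    # An APK is one file, so both disk numbers must be 0 and the counts equal.
    if disk or cd_disk or n_disk != n_total:
        findings.append(f"EOCD disk fields: disk={disk} cd_disk={cd_disk} entries={n_disk}/{n_total}")
    # Walk headers by signature; the declared entry count may itself be forged.
    off = cd_off
    while off + CDH.size <= len(data) and data[off:off + 4] == b"PK\x01\x02":
        fields = CDH.unpack_from(data, off)
        name_len, extra_len, comment_len, disk_start = fields[10:14]
        name = data[off + CDH.size:off + CDH.size + name_len]
        if disk_start:
            findings.append(f"entry claims disk {disk_start}: {name[:40]!r}")
        if name_len > MAX_PATH:
            findings.append(f"path of {name_len} bytes: {name[:40]!r}...")
        off += CDH.size + name_len + extra_len + comment_len
    return findings


def build_sample(tamper: bool) -> bytes:
    """Constructed in-memory archive standing in for an APK (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        if tamper:  # 332-byte nested path under a made-up assets/ directory
            z.writestr("assets/" + "d/" * 160 + "x.bin", b"")
    raw = bytearray(buf.getvalue())
    if tamper:  # overwrite both EOCD disk-number fields with a high value
        struct.pack_into("<HH", raw, raw.rfind(b"PK\x05\x06") + 4, 0xFFFF, 0xFFFF)
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("tampered", build_sample(True))):
        print(label, triage_apk(blob))
```

The check reads the raw records instead of relying on a ZIP library, because a parser that rejects or silently normalizes these fields would hide the anomaly being looked for.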

CheckPoint has noted that, according to data from the South Korean Government, ‘vishing’ resulted in thefts valued at around 600 million dollars in 2020 alone and 170,000 victims between 2016 and 2020.

Source: Elcomercio
