FakeCall Malware Employs Vishing to Gain Full Control Over Mobile Devices


A new variant of the notorious FakeCall malware has been discovered, using advanced vishing (voice phishing) techniques to deceive users and take near-total control of their mobile devices.

Zimperium’s research team has raised alarms over this sophisticated threat, which targets Android devices and exploits users’ trust in voice-based interactions to steal sensitive information and compromise device security.


FakeCall malware operates through a multi-stage attack process. It begins when victims unknowingly download a malicious APK file, often disguised as a legitimate app or service.

This initial file acts as a dropper, installing the actual malware payload onto the device. Once installed, FakeCall establishes communication with a Command and Control (C2) server, allowing remote attackers to issue commands and manipulate the infected device.

The malware’s primary method of attack is vishing, in which fraudulent phone calls are used to impersonate trusted entities like banks or service providers.


Victims are tricked into calling fake customer service numbers controlled by attackers, who then use social engineering to extract sensitive information such as banking credentials or login details.

This attack is particularly dangerous because FakeCall can intercept and manipulate both incoming and outgoing calls, mimicking legitimate interfaces and deceiving users into believing they are interacting with real services.

FakeCall Malware Exploits Vishing (Source: Zimperium)

Capabilities of FakeCall Malware

Once embedded in the victim’s device, FakeCall can execute a wide range of malicious actions:

  • Intercepting Calls: The malware takes over the phone’s dialer app, allowing it to intercept and redirect calls. For example, when a user attempts to contact their bank, the call is rerouted to a fraudulent number controlled by the attacker.
  • Remote Device Control: Through its integration with Android’s Accessibility Services, FakeCall can simulate user interactions like clicks and gestures, effectively giving attackers full control over the device. This includes navigating apps, granting permissions without user consent, and even unlocking the device remotely.
  • Data Exfiltration: The malware can extract sensitive data from the device, including SMS messages, call logs, contacts, and even live camera feeds. It can also capture screenshots and record audio without the victim’s knowledge.
  • Identity Fraud: By modifying outgoing calls or displaying fake interfaces during phone interactions, FakeCall enables attackers to impersonate victims in real time, allowing them to commit identity fraud or unauthorized financial transactions.

Security experts have noted that FakeCall is continuously evolving. The latest variants show increased sophistication in terms of obfuscation techniques and functionality.

For instance, some malware components have been moved to native code, making detection more difficult for traditional antivirus software.

Additionally, researchers have observed that the malware includes features that are still under development. These include Bluetooth monitoring capabilities and screen state tracking, potentially laying the groundwork for future updates to enhance its ability to evade detection and control devices further.

Mitigation Measures

To protect against FakeCall and similar vishing-based attacks, users are advised to:

  • Avoid downloading apps from untrusted sources.
  • Regularly update their devices with the latest security patches.
  • Be cautious when receiving unsolicited calls or messages requesting sensitive information.
  • Use reputable mobile security software that can detect and block such threats.
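The dialer takeover and Accessibility Services abuse listed under the malware's capabilities leave visible device state that a defender can audit. The following Python code is an added example, not taken from Zimperium or the original article: it flags third-party apps installed from outside a trusted store that hold the default dialer role or an enabled accessibility service. The trusted-installer set, the function names and the sample package names are assumptions made for illustration.

```python
# Inputs are text collected from the device, e.g. over adb:
#   pm list packages -3 -i                              third-party apps + installer
#   settings get secure enabled_accessibility_services  "pkg/service:pkg/service"
#   telecom get-default-dialer                          default dialer package name
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_third_party(pm_output):
    """Map package -> installer (None if sideloaded) from `pm list packages -3 -i`."""
    apps = {}
    for line in pm_output.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field.split("=", 1)[1]
        apps[fields[0]] = None if installer in (None, "null") else installer
    return apps

def parse_accessibility(setting):
    """Package names from the colon-separated component list ('' or 'null' = none)."""
    setting = setting.strip()
    if setting in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def audit(pm_output, accessibility_setting, default_dialer):
    """Return {package: [reasons]} for untrusted-source apps holding risky roles."""
    a11y = parse_accessibility(accessibility_setting)
    findings = {}
    for pkg, installer in parse_third_party(pm_output).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # store-installed apps are out of scope for this check
        reasons = []
        if pkg == default_dialer.strip():
            reasons.append("default dialer")
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample data (not real packages or real device output).
SAMPLE_PM = ("package:com.example.bankhelper  installer=null\n"
             "package:com.example.reader  installer=com.android.vending\n")
SAMPLE_A11Y = "com.example.bankhelper/.Svc:com.example.reader/.TalkService"
SAMPLE_DIALER = "com.example.bankhelper"

if __name__ == "__main__":
    print(audit(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_DIALER))
```

A finding is a prompt for review rather than proof of infection, since legitimate sideloaded tools can also hold these roles.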

As mobile devices become increasingly central to our daily lives, threats like FakeCall highlight the growing need for vigilance in mobile security.
