A new Android vishing (voice phishing) malware tool has been spotted targeting South Korean victims by impersonating 20 major South Korean financial institutions.
Dubbed “FakeCalls” by the Check Point Research (CPR) team, the malware lures victims with fake loans, asks them to verify their credit card numbers, and steals them.
“The FakeCalls malware functions like a Swiss Army knife, not only fulfilling its intended purpose, but also exfiltrating personal data from the victim’s device,” says CPR cybersecurity researcher Alexander Chailytko. said Mr.
In a report released by CPR on Tuesday, the company confirmed it had found more than 2,500 samples of the FakeCalls malware with a combination of mimicking financial institutions and implemented evasion techniques.
Additionally, the malware developers made extra efforts to keep the malware safe from antivirus programs and implemented several unique evasion techniques that CPR had never seen in the wild, the team said.
“Malware developers paid special attention to the technical aspects of its creation and the implementation of some unique and effective anti-analysis techniques,” explains Chailytko. “Additionally, they devised mechanisms to impersonate and resolve the command and control servers behind the operation.”
Security experts also warned that the techniques used by FakeCalls could be reused in other applications targeting other markets around the world.
Read more about vishing here: Hybrid Vishing Attacks Surge 625% in Q2
“We strongly advise Korean Android users not to provide personal information over the phone and be suspicious of calls from unknown numbers,” concludes Chailytko.
To protect against similar vishing attacks, the CPR report includes some additional security recommendations.
This includes noting unusual pauses or delays before a person speaks and asking callers to confirm or convey important facts such as website URLs or job titles. We also advise users not to respond to automated messages. This allows cybercriminals to record their own voice, which could be used for authentication in other attacks.
CPR’s findings confirm previous claims from Proofpoint, which said last December that vishing would be one of the increasingly used threat vectors in 2023.
