Android.Fakebank.B Malware Compromises Banking Customer Care Centers

After Android malware that intercepts incoming calls to bypass two-factor authentication systems emerged earlier this year, Symantec researchers have now discovered a Trojan that prevents users from making outgoing calls to banks from their smartphones. Dubbed Android.Fakebank.B, the malware was observed to include call-barring functionality in March this year and to be targeting mainly customers of Russian and South Korean banks. The Trojan is dated back to October 2013, but the call-cancelling capabilities weren’t seen before this year. While analyzing the latest version of the Fakebank.B Android Trojan, Symantec's researchers discovered that, upon installation, the malware would register a Broadcast Receiver component. Given that this component is triggered each and every time that the user makes a call, the Trojan could then monitor the outgoing calls and dialed numbers on the infected device. Customers calling banking care centers through a registered mobile device are usually routed to an Interactive Voice Response (IVR) System, allowing them to cancel stolen payment cards in a timely manner. However, malware creators can block users from doing so, which also gives them more time to steal data from the compromised device, researchers say. How can the Android.Fakebank.B malware be mitigated? Share your suggestions with the Cloud and Cyber Security Center.