Android Trojan Cancels Customers’ Outgoing Calls To Banks

The Symantec security experts have found a brand new version of the Android.Fakebank.B banking trojan which inhibits outgoing calls to bank customer services.

The security researchers from Symantec have noticed a new strain of mobile Trojan, called Android.Fakebank.B. The newly-found malware prevents customers from making outgoing calls to banks from their mobile devices.

Android.Fakebank.B first appeared in October 2013. The threat was able to cancel incoming calls, as well as to intercept SMS used by the banks for two-factor authentication.

At the beginning of 2014, the Symantec researchers registered a news version of the Trojan.Droidpak which was used to install the Android.Fakebank.B banking trojan on mobile devices. The new malware version used in those attacks was already implementing common features of mobile banking threats, including SMS interception and “MITM capabilities”.

In March, this year, the experts noticed that Android.Fakebank.B was targeting mainly customers of Russian and South Korean banks.

According to the most recent Fakebank.B Android Trojan analysis, the threat would register a BroadcastReceiver component which is used to observe outgoing calls in order to block certain calls to customer service call centers of the target banks. In addition, Android.Fakebank.B cancels every evidence of the call it has intercepted.

“Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed.”
the Symantec experts said.

The number blocked by the Banking Trojan are listed bellow:

KB Bank: 15999999;
KEB Hana Bank: 15991111;
NH Bank: 15442100 and 15882100;
Sberbank: 80055550;
SC Bank: 15881599 and 15889999;
Shinhan Bank: 15448000, 15778000, and 15998000.

The customers of the banks use the above numbers to cancel stolen payment cards and deny unauthorized transactions in a timely manner, however, hackers block them to have more time for their malicious operations.

Android.Fakebank.B has established a backdoor to steal information from the victim’s smartphone. The Symantec researchers issued the following recommendations to mitigate the trojan:

Keep your software up to date
Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
Pay close attention to the permissions requested by apps
Install a suitable mobile security app to protect your device and data
Make frequent backups of important data

The malware victims can contact the bank to report the fraudulent activities using alternative channels, including a landline, a different mobile device, or an email.

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.