Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps

admin by admin
March 17, 2023
in Ethical Hackers


Mar 17, 2023Ravie LakshmananMobile Security / Scam Alert

An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps.

“FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim’s device,” cybersecurity firm Check Point said.

FakeCalls was previously documented by Kaspersky in April 2022, describing the malware’s capabilities to imitate phone conversations with a bank customer support agent.

In the observed attacks, users who install the rogue banking app are enticed into calling the financial institution by offering a fake low-interest loan.

At the point where the phone call actually happens, a pre-recorded audio with instructions from the real bank is played. At the same time, malware also conceals the phone number with the bank’s real number to give the impression that a conversation is happening with an actual bank employee on the other end.

The ultimate goal of the campaign to get the victim’s credit card information, which the threat actors claim is required to qualify for the non-existent loan.

The malicious app also requests for intrusive permissions so as to harvest sensitive data, including live audio and video streams, from the compromised device, which are then exfiltrated to a remote server.

The latest FakeCalls samples further implement various techniques to stay under the radar. One of the methods involves adding a large number of files inside nested directories to the APK’s asset folder, causing the length of the file name and path to breach the 300-character limit.

“The malware developers took special care with the technical aspects of their creation as well as implementing several unique and effective anti-analysis techniques,” Check Point said. “In addition, they devised mechanisms for disguised resolution of the command-and-control servers behind the operations.”

FakeCalls Vishing Malware

While the attack exclusively focuses on South Korea, the cybersecurity company has warned that the same tactics can be repurposed to target other regions across the world.

The findings also come as Cyble shed light on two Android banking trojans dubbed Nexus and GoatRAT that can harvest valuable data and carry out financial fraud.

Nexus, a rebranded version of SOVA, also incorporates a ransomware module that encrypts the stored files and can abuse Android’s accessibility services to extract seed phrases from cryptocurrency wallets.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

In contrast, GoatRAT is designed to target Brazilian banks and joins the likes of BrasDex and PixPirate to commit fraudulent money transfer over the PIX payments platform while displaying a fake overlay window to hide the activity.

The development is part of a growing trend where threat actors have unleashed increasingly sophisticated banking malware to automate the whole process of unauthorized money transfers on infected devices.

Cybersecurity company Kaspersky said it detected 196,476 new mobile banking trojans and 10,543 new mobile ransomware trojans in 2022, with China, Syria, Iran, Yemen, and Iraq emerging as the top countries attacked by mobile malware, including adware.

Spain, Saudi Arabia, Australia, Turkey, China, Switzerland, Japan, Colombia, Italy, and India lead the list of top countries infected by mobile financial threats.

“Despite the decline in overall malware installers, the continued growth of mobile banking Trojans is a clear indication that cybercriminals are focusing on financial gain,” Kaspersky researcher Tatyana Shishkova said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

analyzer – Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data

Next Post

Which is better in 2023?

Next Post

Which is better in 2023?

Recommended

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

5 months ago

Critical Infrastructure Security and Resilience Awareness

7 months ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.