A newly upgraded version of the Android malware “FakeCall” now allows cybercriminals to take control of Android devices’ dialers, enabling them to hijack calls made to banks.
Originally reported by Kaspersky in 2022, FakeCall first impersonated banking apps, overlaying legitimate bank phone numbers on the device screen to trick users into thinking they were speaking with real bank employees.
This latest update to FakeCall, detailed by mobile security platform Zimperium, takes the deception further. Victims unknowingly give the malware control by setting it as the default calling app during installation, allowing attackers to intercept bank calls and reroute them to themselves.
Beyond call hijacking, the malware has received other sophisticated upgrades. It can now monitor Bluetooth and screen activity, access on-screen data, grant permissions to other apps, and even enable remote device control.
To avoid infection, users should avoid installing APKs from untrusted sources and instead stick to verified apps on the Google Play Store. Using Android antivirus solutions also adds a layer of security.
