Quote: Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software: All in all, CPR discovered more than 2500 samples of the FakeCalls malware that used a variety of combinations of mimicked financial organizations and implemented anti-analysis techniques. CPR saw several ways in which the malware developers tried to keep their real Command-and-Control (C&C) servers hidden: reading the data via dead drop resolvers in Google Drive or using an arbitrary Web server. The malware developers paid special attention to the protection of their malware, using several unique evasions that we had not previously seen in the wild. Once the trust is established, the victim is tricked into “confirming” the credit card details in the hope of qualifying for the (fake) loan. Victims are then under the impression that the conversation is made with a real bank and its real employee. When the conversation happens, the phone number belonging to the malware operators, unknown to the victim, is replaced by a real bank number. The idea behind voice phishing is to trick the victim into thinking that there is a real bank employee on the other side of the call. This type of attack is known as “vishing”, short-hand for voice phishing. Named “FakeCalls”, the Android malware imitates e-banking apps to provide fake loan offers with low interest rates, in order to lure its victims into confirming their credit card numbers through fraudulent phone calls.