• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

“FakeCalls” Android Malware Targets Financial Firms in South Korea

You are here: Home / General Cyber Security News / “FakeCalls” Android Malware Targets Financial Firms in South Korea
March 15, 2023

A new Android vishing (voice phishing) malware device has been spotted focusing on victims in South Korea by impersonating 20 foremost monetary institutions in the location.

Dubbed “FakeCalls” by the Verify Level Analysis (CPR) team, the malware baits victims with fake financial loans, requesting them to validate their credit card figures, which are then stolen.

“FakeCalls malware possesses the performance of a Swiss military knife, in a position not only to conduct its major aim but also to extract private details from the victim’s product,” said CPR cybersecurity researcher Alexander Chailytko.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


In a report released by CPR on Tuesday, the firm confirmed it found about 2500 samples of the FakeCalls malware in a blend of mimicked economic companies and implemented evasion procedures.

Additional, the group explained the malware developers created excess initiatives to shield their malware from antivirus packages, employing numerous one of a kind evasion approaches not formerly noticed by CPR in the wild.

“The malware developers took unique treatment with the complex areas of their development as perfectly as employing quite a few exclusive and efficient anti-examination techniques,” Chailytko described. “In addition, they devised mechanisms for disguised resolution of the command-and-command servers at the rear of the operations.”

The security skilled also warned that the strategies used by FakeCalls could be reused in other apps focusing on other markets all-around the world.

Study much more on vishing listed here: Hybrid Vishing Attacks Soar 625% in Q2

“I strongly advocate Android consumers in South Korea not to provide any individual info over the phone and be suspicious of phone phone calls from mysterious numbers,” Chailytko concluded.

To shield towards similar vishing attacks, the CPR report includes a number of added security tips. 

These include things like remaining on the lookout for unconventional pauses or delays just before a particular person speaks and asking callers to confirm or relay critical information, these kinds of as website URLs or position titles. It also advises people not to answer to automated messages as this could enable cybercriminals to document their voices, which could most likely be applied for authentication in other attacks.

The CPR findings verify earlier statements from Proofpoint, who explained in December previous year vishing would be between the danger vectors currently being progressively utilized in 2023.


Some pieces of this write-up are sourced from:
www.infosecurity-journal.com

Previous Post: «Cyber Security News Humans Still More Effective Than ChatGPT at Phishing
Next Post: Tick APT Group Hacked East Asian DLP Software Firm Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet
  • Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies
  • Fifth of Execs Admit Security Flaws Cost Them New Biz
  • Online Safety Bill: Why is Ofcom being thrown under the bus?

Copyright © TheCyberSecurity.News, All Rights Reserved.