Android Trojan Hijacks Calls to Banks and Sends Them to Hackers - How to Stay Safe


Imagine calling your bank after discovering fraudulent activity in one of your accounts, but the person on the other end of the phone is a hacker. As reported by BleepingComputer, a new version of the FakeCall Trojan is now making the rounds online. The malware, first discovered by cybersecurity firm Kaspersky in 2022, uses voice phishing (or vishing), overlay attacks, and other tricks to make victims think they are actually on the phone with someone at the bank.

Late last year, Check Point released its own report warning that FakeCall had gained the ability to impersonate more than 20 different financial organizations. Since then, however, its capabilities have become even more powerful, and the malware is now able to hijack both incoming and outgoing calls originating from the best Android phones.

Here is everything you need to know about this banking Trojan, along with tips and tricks to protect yourself from hackers and the malware they use in their attacks.

Like most other banking Trojans, FakeCall is usually spread through a malicious app that is sideloaded onto the victim's phone. Earlier versions of the Trojan let users call their bank from within these malicious apps; hackers would then impersonate bank employees, while a fake overlay displayed the bank's number during the call to avoid detection.

Now, however, a new version of FakeCall, analyzed by cybersecurity researchers at Zimperium, uses a new trick to appear even more convincing. Rather than placing an overlay on top of legitimate apps, the malicious app used to spread the malware sets itself as the phone's default call handler. This is done by exploiting Android's accessibility services, and the victim is prompted to approve this after installation.

By having complete control over the Android phone's call handler, the hackers behind this campaign can hijack both incoming and outgoing calls. To make this look more legitimate, a fake call interface is used that copies the real Android dialer and displays the names and information of the victim's most frequently used contacts.

When the victim attempts to call a bank or other financial institution, FakeCall hijacks the call and redirects it to a phone number controlled by the hacker. The victim may think they are talking to a bank employee, who may ask for sensitive information over the phone, but they are actually talking to a hacker who is recording everything they say for use in subsequent attacks and fraud.

In addition to this new feature, the latest version of FakeCall has several other upgrades. These include the ability to live stream what is being displayed on the screen, the ability to take screenshots of infected devices, and the ability to unlock the phone and temporarily turn off the automatic lock. With so many new features added, it is clear that this malware is in active development and that its creators are making it more powerful with each release.

In its report, Zimperium provides details about this banking Trojan and explains that it has identified 13 malicious apps used to spread FakeCall. However, Zimperium has published only the indicators of compromise (IoC) on GitHub, not their names. We will make every effort to obtain a full list of app names and will update this article when available.

As with much other Android malware, the easiest way to avoid infection with the FakeCall banking Trojan is not to sideload apps. Installing apps this way may be convenient, but these apps have not gone through the same rigorous security checks as those offered in official app stores such as the Google Play Store, Samsung Galaxy Store, and Amazon App Store, which exposes you to additional risks.

If in doubt, do not install the app as an APK file on your phone. Instead, go to the official app store and search for the app you want to use by name. Since Google and other search engines are often used by hackers to host malicious ads, it is always better to go directly to the app store and search for new apps yourself. Likewise, you want to limit the number of apps on your phone, as even good apps can be misused.

Make sure Google Play Protect is enabled on your device to protect against malware and other online threats. This built-in security app scans all new apps you download and existing apps on your smartphone for malware. However, for additional protection, you may also consider using one of the best Android antivirus apps alongside Google Play Protect.

As long as an app is available, hackers will exploit it to launch attacks. However, if you avoid side-loading new apps and don't give your installed apps access that they don't need, you should be safe from hackers. At the same time, it is always a good idea to reboot your device regularly to prevent hackers from infecting your phone with malware using zero-click attacks.
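To check a phone for the two footholds described above (an unexpected default call handler and accessibility access held by a sideloaded app), the output of three stock `adb` commands can be correlated. The script below is an added example, not code from Zimperium or from this article; the trusted dialer and installer lists are assumptions to adjust for your device, and the sample output and the package `com.example.securebank` are constructed.

```python
# Inputs are the text output of three stock commands run over adb:
#   adb shell telecom get-default-dialer
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# Assumptions: which dialers and installer sources count as trusted.
TRUSTED_DIALERS = {"com.google.android.dialer", "com.samsung.android.dialer"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        if line.strip().startswith("package:"):
            name, _, src = line.strip()[len("package:"):].partition("installer=")
            installers[name.strip()] = src.strip() or "null"
    return installers

def parse_accessibility(value):
    """Return the packages that own enabled accessibility services."""
    value = value.strip()
    if value in ("", "null"):
        return set()
    # The setting is a ':'-separated list of package/ServiceClass components.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(dialer_output, a11y_output, pm_output):
    """List (kind, package, installer) tuples that deserve a manual review."""
    installers = parse_installers(pm_output)
    findings = []
    dialer = dialer_output.strip()
    if dialer and dialer not in TRUSTED_DIALERS:
        findings.append(("default-dialer", dialer, installers.get(dialer, "unknown")))
    for pkg in sorted(parse_accessibility(a11y_output)):
        src = installers.get(pkg, "unknown")
        if src not in TRUSTED_INSTALLERS:
            findings.append(("accessibility", pkg, src))
    return findings

# Constructed sample output; com.example.securebank is a made-up package.
SAMPLE_DIALER = "com.example.securebank\n"
SAMPLE_A11Y = (
    "com.example.securebank/com.example.securebank.Svc:"
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService\n"
)
SAMPLE_PM = (
    "package:com.example.securebank  installer=null\n"
    "package:com.google.android.marvin.talkback  installer=com.android.vending\n"
    "package:com.google.android.dialer  installer=com.android.vending\n"
)
if __name__ == "__main__":
    print(audit(SAMPLE_DIALER, SAMPLE_A11Y, SAMPLE_PM))
```

Preinstalled system apps also report `installer=null`, so treat each finding as something to review rather than as proof of infection.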

Since FakeCall is currently under active development, this will not be the last time we hear of this banking Trojan being used in a cyber attack.
