Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Android.Fakebank.B inhibits outgoing calls to bank customer services

Security researchers from Symantec have discovered a new variant of the Android.Fakebank.B banking trojan that prevents users from calling banks. Security experts from Symantec have spotted a new strain of mobile Trojan dubbed Android.Fakebank.B that prevents users from making outgoing calls to banks from their mobile devices. Android.Fakebank.B was first spotted in October 2013, it was able to […]

Android.Fakebank.B inhibits outgoing calls to bank customer services

Security researchers from Symantec have discovered a new variant of the Android.Fakebank.B banking trojan that prevents users from calling banks.

Security experts from Symantec have spotted a new strain of mobile Trojan dubbed Android.Fakebank.B that prevents users from making outgoing calls to banks from their mobile devices.

Android.Fakebank.B was first spotted in October 2013, it was able to intercept incoming calls to intercept SMS used by the banks for two-factor authentication.

Earlier 2014, experts from Symantec discovered a variant of the Trojan.Droidpak that was used to install the Android.Fakebank.B banking trojan on mobile devices.

The variant of Android.Fakebank.B used in those attacks was already implementing common features of mobile banking threats, including SMS interception and “MITM capabilities”.

In March 2016, the Android.Fakebank.B was observed targeting mainly customers of Russian and South Korean banks.

The analysis of the latest variant of the Fakebank.B Android Trojan revealed that the threat would register a BroadcastReceiver component that is used to monitor outgoing calls in order to block certain calls to customer service call centers of the target banks.

The Android.Fakebank.B also cancels every evidence of the call he has intercepted.

“Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed.” states the analysis published by Symantec.

Android-Trojan

The number blocked by the Banking Trojan:

  • KB Bank: 15999999;
  • KEB Hana Bank: 15991111;
  • NH Bank: 15442100 and 15882100;
  • Sberbank: 80055550;
  • SC Bank: 15881599 and 15889999;
  • Shinhan Bank: 15448000, 15778000, and 15998000.

The bank customers use the above numbers to cancel stolen payment cards and deny unauthorized transactions in a timely manner, but crooks block them to have more time for their illicit activities.

The Android.Fakebank.B established a backdoor and steals information from the victim’s smartphone.

Symantec issued the following recommendations to mitigate the threat:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton, to protect your device and data
  • Make frequent backups of important data

In any cases, victims can contact the bank to report the fraudulent activities using alternative channels, including a landline, a different mobile device, or an email.

In early 2016, researchers from Symantec spotted another mobile banking Trojan in the wild, the Bankosy trojan that steals passwords sent through voice calls generated by 2FA systems.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –Android.Fakebank.B , mobile)