CISO Update #47

Fakecalls' Banking Trojan

Here’s a story about a malicious application that almost seems like it needs to be an April Fools’ Day joke, but unfortunately it’s all too real. Security researchers have uncovered a strain of Android malware that can secretly intercept your phone calls. Disguised as a mobile app from popular South Korean banks, KB (Kookmin Bank) and KakaoBank, this app installs malware named “Fakecalls” that spoofs the bank’s identity by reproducing the bank’s official logo and the customer support number. 

When installed, the Trojan immediately requests a whole host of permissions, including access to one’s contacts, microphone and camera, geolocation, and call handling, which should all be a red flag to the user. Why would a banking app need access to your contacts?

What’s most unique and frightening about this trojan is that it goes as far as to imitate phone conversations with customer support. If the victim calls the bank’s hotline, the Trojan discreetly breaks the connection and opens its own fake call screen instead of the regular phone screen for Android. The call appears to be normal because Fakecalls has stolen the bank’s automated playback. For example, the victim might hear something like this: “Hello. Thank you for calling KakaoBank. Our call center is currently receiving an unusually large volume of calls.” Then the user is connected with the bad guy. You can only imagine the financially sensitive information one might hand over to someone during a customer support call. 

Fakecalls can spoof incoming calls as well. When the cybercriminals want to contact the victim, the Trojan displays its own screen and as a result, the user sees not the real number used by the cybercriminals, but the phone number of the bank’s support service.


What can you do?

This banking Trojan is a great example of the insidious nature of cybercriminals. While this Trojan is only targeting South Korean banking patrons at the moment, once the proof of concept is out in the public it is likely to spread. Here are some things to keep in mind when banking from a mobile device: 

  • ONLY download apps from legitimate sources like the Google Play store or Apple App Store.

  • NEVER grant permissions to functions, such as access to microphone and camera, if it doesn’t make sense for the app to have that level of access.

  • Install antivirus software on all your personal mobile devices and tablets. Sophos has a great free product called Sophos Intercept X for Mobile and is available from both the Apple App and Google Play stores. 

  • Fakecalls is currently only published in Korean, so if your call screen suddenly switches over to Korean, this is a big red flag


About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit and stay tuned for emails from for the latest from the Cybersafe campaign at FIT. Read past issues here.