New FakeCall Malware Controls Devices Via Deceptive Call Techniques

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

In a Rush? Here are the Quick Facts!

  • FakeCall is a new variant of Android malware using voice phishing.
  • Victims are tricked into calling fraudulent numbers controlled by attackers.
  • The malware captures sensitive information like SMS, contacts, and locations.

Cybersecurity researchers have recently uncovered a new variant of the notorious Android malware family known as FakeCall. This malicious software employs advanced voice phishing techniques to deceive users into revealing sensitive personal information.

In their recent report, the researchers explain how FakeCall employs a technique known as vishing (voice phishing), in which fraudulent phone calls or voice messages are used to deceive victims into disclosing sensitive information, such as login credentials, credit card numbers, or banking details.

Vishing is a form of “mishing,” a term that encompasses mobile-targeted phishing techniques, increasingly used by attackers to exploit the unique features of mobile devices, including voice calls, texting (SMS), and cameras. FakeCall is an extremely sophisticated type of vishing that leverages malware along with these fraudulent calls.

Additionally, the report explains that smishing refers to deceptive SMS messages that lure victims into clicking on malicious links or sharing sensitive data.

Quishing exploits mobile cameras to deliver phishing attacks through malicious QR codes. Email-based mobile phishing consists of phishing emails specifically designed to be effective only when accessed through a mobile email client, as noted in the report.

Fernando Ortega, one of the researchers who uncovered this, highlighted the seriousness of this threat in the report. He described FakeCall as “an extremely sophisticated vishing attack” that can take nearly complete control of a mobile device.

This includes intercepting both incoming and outgoing calls, effectively putting the attacker in charge of the user’s communication.

Victims are tricked into calling fraudulent numbers controlled by the attacker. The malware mimics a normal user experience, making it harder for individuals to recognize they are being deceived.

By using accessibility services, similar to other Android banking malware, FakeCall captures information displayed on the screen and requests additional permissions to operate effectively.

The spyware capabilities of FakeCall are alarming. It can collect a wide array of personal data, such as SMS messages, contact lists, locations, and the apps installed on the device. It even has the ability to take photos, record video streams using the device’s cameras, and manage contacts by adding or deleting them.

Additionally, FakeCall can capture audio snippets and upload images, using the MediaProjection API to create a video stream of the device’s activities.

One of the most dangerous features of this new version is its instruction for users to set the malware as the default dialer app. This change allows FakeCall to monitor all incoming and outgoing calls.

By intercepting these calls, the malware can modify dialed numbers, such as those for banking institutions, redirecting victims to numbers controlled by the attacker. This tactic lures users into taking unintended actions, leading to potential financial loss or identity theft.
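A defender's triage for the two footholds described above (an enabled accessibility service and the default dialer role), as an added example that is not from the report or this article. The package names and allowlists are constructed, and the inputs are assumed to be collected from the device, for instance the accessibility list from `adb shell settings get secure enabled_accessibility_services`.

```python
# Added example: flag apps matching the behaviour described above.
# All package names and the allowlists are constructed; adapt them to your fleet.
TRUSTED_DIALERS = {"com.google.android.dialer"}
TRUSTED_A11Y = {"com.google.android.marvin.talkback"}
# Permissions matching the data the article lists (SMS, contacts, location, camera, audio).
SENSITIVE = {"READ_SMS", "READ_CONTACTS", "WRITE_CONTACTS",
             "ACCESS_FINE_LOCATION", "CAMERA", "RECORD_AUDIO"}

def a11y_packages(setting):
    """Parse the enabled_accessibility_services value: colon-separated
    'package/service' components, or 'null' when nothing is enabled."""
    setting = (setting or "").strip()
    if setting in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in setting.split(":") if c}

def audit(dialer_holder, a11y_setting, granted):
    """Return {package: {"reasons": [...], "severity": ...}} for untrusted apps.
    granted maps package -> iterable of 'android.permission.X' strings."""
    findings = {}
    def note(pkg, reason):
        findings.setdefault(pkg, {"reasons": []})["reasons"].append(reason)
    if dialer_holder and dialer_holder not in TRUSTED_DIALERS:
        note(dialer_holder, "holds default dialer role")
    for pkg in sorted(a11y_packages(a11y_setting) - TRUSTED_A11Y):
        note(pkg, "accessibility service enabled")
    for pkg, info in findings.items():
        # Dialer role plus accessibility on one untrusted app is the
        # combination the article describes for FakeCall.
        both = ("holds default dialer role" in info["reasons"]
                and "accessibility service enabled" in info["reasons"])
        perms = {p.rsplit(".", 1)[-1] for p in granted.get(pkg, ())}
        hits = sorted(perms & SENSITIVE)
        if hits:
            info["reasons"].append("sensitive permissions: " + ", ".join(hits))
        info["severity"] = "high" if both else "review"
    return findings

# Constructed sample device state (not taken from the report).
SAMPLE = audit(
    "com.example.loanhelper",
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.loanhelper/.AssistService:com.example.notes/.Reader",
    {"com.example.loanhelper": ["android.permission.READ_SMS",
                                "android.permission.RECORD_AUDIO",
                                "android.permission.INTERNET"],
     "com.example.notes": ["android.permission.INTERNET"]},
)
```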

Previous iterations of FakeCall prompted users to call their banks from within the malicious app, disguising itself as a financial institution offering enticing loan options. However, this latest version’s capability to modify call information makes it significantly more dangerous, as noted by The Hacker News.

The emergence of FakeCall serves as a warning for mobile users to remain vigilant. With the rise of such sophisticated attacks, individuals must be cautious about unsolicited calls and messages and should verify the identity of anyone requesting personal information.

Cybersecurity experts recommend installing reliable security software on devices and keeping operating systems updated to protect against evolving threats.

South Korean Regulators Fine Meta $15 Million Over Data Privacy Breach

  • Written by Andrea Miliani Former Tech News Expert

In a Rush? Here are the Quick Facts!

  • Regulators are asking Meta to pay $15.68 million in fines over illegal actions with users’ data
  • South Korea’s Personal Information Protection Commission performed a 4-year investigation
  • Meta allegedly used private data from 980,000 Facebook users and sold it to over 4,000 advertisers

South Korean regulators requested that Meta pay 21.62 billion won, around $15.68 million, in fines for illegally sharing users’ private information.

According to ABC News, South Korea’s Personal Information Protection Commission performed a 4-year investigation, from July 2018 to March 2022, and revealed that Meta illegally collected private information from 980,000 Facebook users and shared this data with over 4,000 advertisers.

It’s not the first time an organization has revealed that Meta has shared users’ private data for advertising. The American marketing firm Cox Media Group recently admitted to getting user data from multiple tech companies including Meta.

The information gathered by Meta South Korea included political views, religion, same-sex unions, and more. The privacy laws in South Korea forbid sharing private information like sexual behavior, political views, and beliefs without the person’s consent.

Lee Eun Jung, a commission director who led the investigation on Meta, said Meta had categories according to users’ interests and the ads they clicked on within the platform.

“While Meta collected this sensitive information and used it for individualized services, they made only vague mentions of this use in their data policy and did not obtain specific consent,” Lee said.

Lee also criticized Meta’s security measures and accused them of putting users at risk by not taking basic actions like removing inactive pages.

South Korea is not the only country going against Meta’s lack of protection towards its users these past few days. Last week, Brazil sued Meta, and other platforms, for not preventing addiction issues in minors.