
FakeBank Android Malware Steals Cards And Blocks Calls To Banks

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.


A new family of malicious code aims to make it harder for users to cancel affected bank cards

IT security researchers have identified a family of Android malware that complicates things for its victims by preventing them from telephoning their bank to cancel cards that the code has stolen.

The malware illustrates how rapidly Android malware is developing; such malware has become significantly more prevalent in recent months.

Call blocking

A malware family called Android.Fakebank.B attempts to steal data, including bank card details, from users’ devices, according to an advisory from Symantec.

The malware also installs a BroadcastReceiver component, Android's mechanism for reacting to system events, that is triggered each time the user makes a call using the affected device, Symantec said.

“If the dialled number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed,” Symantec stated.

The malware targets specific customer service numbers for banks in South Korea and Russia, the firm said.

The development is similar to malware that disables antivirus software on desktop computers, according to IT security analyst Graham Cluley.

“Although this particular malware appears to be targeting Russians and South Koreans, there is clearly the opportunity for this technique to be used elsewhere in the world,” he said.

Mobile threat

A Check Point study last week found that a widespread Android malware family called HummingBad has now infected more than 85 million devices, ranking third amongst all kinds of malicious code, indicating the scale of the virus threat facing mobile devices.

The study found a 61 percent increase in the number of active malware families overall in the first half of this year.

HummingBad, which is attached to infected versions of Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app, installs a rootkit that allows it to remain in place even after a factory reset, security experts have said.
