Another Reason To Avoid Random Android APKs And Dodgy Apps
It can be fun to load and configure an Android APK which didn’t come from the Google Store, or to grab an app that sounds great from somewhere on the web, but as we’ve warned before, it will likely end in tears. Today’s example is the announcement of the discovery of a new version of an old enemy called FakeCall. This malware has been around for a while and unfortunately it continues to evolve. The new version is nastier than ever: it takes over the Android dialer and perfectly mimics it, showing trusted contact information and names just like the real dialer, and of course it makes calls.
The nasty part is what it does once it owns the dialer: it ensures that any phone call to a bank is invisibly intercepted and redirected to an attacker. Your Android phone will show the bank’s number, including any contact info you might have associated with that number, but in truth you are speaking to a scammer. Since it looks exactly like you’ve called your bank, the person you end up speaking to will have little trouble getting your banking information and can then make your life miserable. It can also simulate clicks and gestures, which is handy if you want to further infect a phone. Bleeping Computer lists the full capabilities of FakeCall in this post.
Of course, even grabbing your apps from the Google Store doesn’t guarantee your safety, but it does make it far less likely that the app you install isn’t exactly what it says it is.