Fakecalls, the Trojan that pretends to be a bank app and imitates telephone conversations

Security researchers are warning of a Trojan that masquerades as a banking application and imitates the telephone customer service of the most popular South Korean banks. Posing as bank employees, the cybercriminals try to obtain payment data and sensitive information from their victims.


Unlike other banking Trojans, this one, dubbed Fakecalls, can discreetly intercept calls to real banks using its own connection. Kaspersky analysts, who discovered this cyber attack, saw that when a victim calls the bank’s hotline, the Trojan opens its own fake call in place of the real call to the bank.

After the call is intercepted, there are two possible scenarios. In the first, Fakecalls connects the victim directly with cybercriminals posing as the bank’s customer service. In the second, the Trojan plays pre-recorded audio that mimics a standard greeting and conversation using an automated voicemail.


From time to time, Fakecalls inserts short audio snippets in Korean. For example, “Hello. Thank you for calling our bank. Our call center is receiving a high volume of calls. An advisor will speak with you as soon as possible.” This allows them to gain the trust of their victims by making them believe that the call is real. The main objective of these types of calls is to obtain as much confidential information as possible from the victims, including their bank account details.

However, the attackers using this Trojan have not taken into account that some of their potential victims may use a different interface language, for example English instead of Korean. The Fakecalls screen exists only in a Korean version, so some users whose interface is set to English will notice the threat.


The Fakecalls application, disguised as a real banking application, asks for a series of permissions, such as access to contacts, microphone, camera, geolocation and call management. These allow the Trojan to drop incoming calls and delete them from the device’s history, for example when the real bank is trying to contact its customer.

The Trojan is not only capable of monitoring incoming calls but is also capable of spoofing outgoing calls. If cybercriminals want to contact the victim, Fakecalls displays its own call screen on top of the system one. In this way, the user does not see the real number used by the cybercriminals, but the phone number of the bank’s helpdesk displayed by the Trojan.

Fakecalls completely mimics the mobile applications of well-known South Korean banks. They insert the actual bank logos and display the actual bank support numbers as they appear on the front page of their official websites.


“The cybercriminals who created Fakecalls have combined two dangerous technologies: banking Trojans and social engineering, so its victims are more likely to lose money and personal data. When you download a new mobile banking app, be aware of what permissions it asks for. If it tries to gain suspiciously excessive access to device controls, including access to call handling, the app is most likely a banking Trojan,” warns Igor Golovin, security analyst at Kaspersky.

Cybersecurity experts recommend the following:

1. Download apps only from official stores. Do not allow installation from unknown sources. Official stores check all programs, and if malware manages to sneak in, it is usually removed quickly.

2. Pay attention to the permissions that applications ask for and whether they really need them. Unless a permission is genuinely required, it is advisable to deny it, especially potentially dangerous ones such as access to calls, text messages, accessibility, etc.

3. Never give confidential information over the phone. Real bank employees will never ask for online banking access credentials, PIN, card security code, or text message confirmation codes. When in doubt, go to the bank’s official website and find out what employees can and can’t ask.

4. Have a trusted security solution that protects all devices from banking Trojans and other malicious programs.
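
The permission check from recommendation 2, applied to the permission categories the article lists for Fakecalls, can be automated against a decoded `AndroidManifest.xml`. This is an added example, not code from Kaspersky or from the article; the mapping from categories to Android permission names, the scoring thresholds and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: article's permission categories -> Android permission names.
CATEGORIES = {
    "contacts": {P + "READ_CONTACTS", P + "WRITE_CONTACTS"},
    "microphone": {P + "RECORD_AUDIO"},
    "camera": {P + "CAMERA"},
    "geolocation": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "call management": {P + "CALL_PHONE", P + "ANSWER_PHONE_CALLS",
                        P + "READ_CALL_LOG", P + "WRITE_CALL_LOG",
                        P + "PROCESS_OUTGOING_CALLS", P + "READ_PHONE_STATE"},
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded manifest."""
    # The stdlib parser is fine for a manifest you decoded yourself;
    # use a hardened parser (e.g. defusedxml) for untrusted XML.
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t))
    return {n for n in names if n}

def audit(manifest_xml):
    """Classify a manifest as 'high', 'review' or 'low' concern (assumed thresholds)."""
    perms = requested_permissions(manifest_xml)
    hits = {c: sorted(perms & n) for c, n in CATEGORIES.items() if perms & n}
    # Call handling is the signal the article singles out for a banking app;
    # two or more further sensitive categories on top raise the rating.
    if "call management" in hits:
        return ("high" if len(hits) >= 3 else "review"), hits
    return "low", hits

def _manifest(package, perms):
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}</manifest>')

# Constructed samples: an over-privileged "bank" app and a modest one.
SUSPICIOUS = _manifest("com.example.fakebank", ["INTERNET", "READ_CONTACTS",
    "RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION", "CALL_PHONE",
    "READ_CALL_LOG", "WRITE_CALL_LOG", "ANSWER_PHONE_CALLS"])
BENIGN = _manifest("com.example.realbank", ["INTERNET", "CAMERA"])

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        verdict, hits = audit(xml)
        print(label, verdict, hits)
```
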

