Android.Fakebank.B inhibits outgoing calls to bank customer services

Security researchers from Symantec have discovered a new variant of the Android.Fakebank.B banking trojan that prevents users from calling banks.

Security experts from Symantec have spotted a new strain of mobile Trojan dubbed Android.Fakebank.B that prevents users from making outgoing calls to banks from their mobile devices.

Android.Fakebank.B was first spotted in October 2013, it was able to intercept incoming calls to intercept SMS used by the banks for two-factor authentication.

Earlier 2014, experts from Symantec discovered a variant of the Trojan.Droidpak that was used to install the Android.Fakebank.B banking trojan on mobile devices.

The variant of Android.Fakebank.B used in those attacks was already implementing common features of mobile banking threats, including SMS interception and “MITM capabilities”.

In March 2016, the Android.Fakebank.B was observed targeting mainly customers of Russian and South Korean banks.

The analysis of the latest variant of the Fakebank.B Android Trojan revealed that the threat would register a BroadcastReceiver component that is used to monitor outgoing calls in order to block certain calls to customer service call centers of the target banks.

The Android.Fakebank.B also cancels every evidence of the call he has intercepted.

“Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed.” states the analysis published by Symantec.

The number blocked by the Banking Trojan:

  • KB Bank: 15999999;
  • KEB Hana Bank: 15991111;
  • NH Bank: 15442100 and 15882100;
  • Sberbank: 80055550;
  • SC Bank: 15881599 and 15889999;
  • Shinhan Bank: 15448000, 15778000, and 15998000.

The bank customers use the above numbers to cancel stolen payment cards and deny unauthorized transactions in a timely manner, but crooks block them to have more time for their illicit activities.

The Android.Fakebank.B established a backdoor and steals information from the victim’s smartphone.

Symantec issued the following recommendations to mitigate the threat:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton, to protect your device and data
  • Make frequent backups of important data

In any cases, victims can contact the bank to report the fraudulent activities using alternative channels, including a landline, a different mobile device, or an email.

In early 2016, researchers from Symantec spotted another mobile banking Trojan in the wild, the Bankosy trojan that steals passwords sent through voice calls generated by 2FA systems.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase