Endpoint Protection

Android banking malware blocks victims’ outgoing calls to customer service 

07-14-2016 08:59 AM

In March 2016, newer variants of the Android.Fakebank.B family arrived with call-barring functionality. The feature aims to stop customers of Russian and South Korean banks from cancelling payment cards that the malware stole. The latest version of the threat shows how Android banking malware continues to evolve.

Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed.

figure1_Korean_Banks_0.png
Figure. Code responsible for programmatically canceling outgoing calls to South Korean banks

We have observed the variants targeting financial institutions in Russia and South Korea. The following are some of the customer care numbers that the variants are blocking:

  • KB Bank: 15999999
  • KEB Hana Bank: 15991111
  • NH Bank: 15442100 and 15882100
  • Sberbank: 80055550
  • SC Bank: 15881599 and 15889999
  • Shinhan Bank: 15448000, 15778000, and 15998000

Typically, when a banking customer calls a customer care number through a registered mobile device, their call will be routed to an Interactive Voice Response (IVR) System. By blocking these numbers, the malware creators can stop a victim from asking their bank to cancel payment cards that the variants stole. This also gives the malware more time to steal data from the compromised device. Affected users can still find other channels, such as email or landline calls, to reach customer care.

Mitigation
Symantec recommends users follow these best practices to stay protected from mobile threats:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton, to protect your device and data
  • Make frequent backups of important data


Protection
Symantec and Norton products detect the threats discussed in this blog as:

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.