
New Android Vishing Malware Impersonates Leading Financial Institutions to Target Victims in South Korea

by Staff GBAF Publications Ltd



Check Point Research (CPR) warns of new Android vishing malware targeting victims in South Korea. Named “FakeCalls”, the malware impersonates 20 of the leading financial institutions in the region, enticing its victims with fake loans. Victims confirm their credit card numbers and expose themselves to fraud. The malware developers paid special attention to the protection of their malware, using several unique evasions that we had not previously seen in the wild. CPR releases a technical analysis of FakeCalls to help prevent the malware from being used in other regions. 

  • CPR discovered more than 2500 samples of the FakeCalls malware
  • CPR outlines the attack scheme of FakeCalls
  • CPR provides safety tips against vishing calls

Check Point Research (CPR) is warning of a new vishing malware designed to offer fake loans from leading financial institutions to people in South Korea. Named “FakeCalls”, the Android malware imitates e-banking apps to provide fake loan offers with low interest rates, in order to lure its victims into confirming their credit card numbers through fraudulent phone calls. 

This type of attack is known as “vishing”, shorthand for voice phishing.

The Attack Scheme 

The idea behind voice phishing is to trick the victim into thinking that there is a real bank employee on the other side of the call. When the conversation happens, the phone number belonging to the malware operators, unknown to the victim, is replaced by a real bank number. 

Victims are then under the impression that they are speaking with a real bank and its real employee. Once trust is established, the victim is tricked into “confirming” their credit card details in the hope of qualifying for the (fake) loan.

Figure 1. Attack scheme: 


Evasion Techniques

The malware developers paid special attention to the protection of their malware, using several unique evasions that we had not previously seen in the wild. CPR observed several ways in which the malware developers tried to keep their real Command-and-Control (C&C) servers hidden: reading the data via dead drop resolvers in Google Drive or using an arbitrary web server. All in all, CPR discovered more than 2500 samples of the FakeCalls malware, which used a variety of combinations of mimicked financial organizations and implemented anti-analysis techniques.

Quote: Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software: 

“We’ve spotted new voice phishing malware impersonating financial institutions that are household names in South Korea. FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim’s device. The malware developers took special care with the technical aspects of their creation as well as implementing several unique and effective anti-analysis techniques. In addition, they devised mechanisms for disguised resolution of the Command-and-Control servers behind the operations. The tricks and approaches used in this particular malware can be re-used in other applications targeting other markets around the globe. I strongly recommend Android users in South Korea not to provide any personal information over the phone and be suspicious of phone calls from unknown numbers.”

How to Stay Safe: 

  1. Don’t provide any personal information over the phone
  2. Be on the lookout for unusual pauses or delays before a person speaks
  3. Avoid answering unknown phone calls
  4. Ask the caller to verify or relay key facts, such as a website URL or their job title
  5. Don’t press any buttons or speak any responses to any prompts from an automated message, as cybercriminals can record your voice