Android malware ‘FakeCall’ can now hijack banking calls

Cybercriminals are now using an updated version of Android malware dubbed ‘FakeCall’ to intercept phone calls, including calls to banks, according to a report from the Zimperium mobile security platform.

Kaspersky first reported the malware in 2022. It mimicked banking apps and allowed users to make calls through them. Attackers overlaid the real bank number on victims’ screens and impersonated bank employees to make the calls more credible in order to extract sensitive information.

The updated version of the malware takes the scheme one step further. “The attack usually starts when victims download an APK file on an Android mobile device through a phishing attack,” explains malware researcher Fernando Ortega. Users won’t be aware of the takeover until they uninstall the malicious app, he adds.

During installation, the app asks the user to set it as the default dialer. Once that is enabled, the malware gains significant control over the Android accessibility service and monitors all incoming and outgoing calls. If a user tries to call the bank, it forwards the call to the attacker’s number.

According to the new research, the malware has also received several other upgrades. It can now monitor the vulnerable device’s Bluetooth status and screen activity and see the data on the screen. It can also grant device permissions to apps without user consent and give attackers remote control of the device.

The best way to avoid this malware is to stop installing apps using APKs obtained from untrustworthy sources, and to look for verified Android apps instead. You can also look to Android antivirus applications for an additional level of security.
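
To check a device for the pattern described above (a sideloaded app holding the default dialer role or an accessibility service), the following is an added example, not code from Zimperium's report or the original article. It parses output from `adb shell telecom get-default-dialer`, `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`; the output formats, the trusted-installer list and the sample package names are assumptions constructed for illustration.

```python
import re

# Assumption: installers treated as trusted app stores; adjust per fleet policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Parse `pm list packages -3 -i` lines into {package: installer or None}."""
    found = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def parse_accessibility(setting_value):
    """Parse `settings get secure enabled_accessibility_services` into package names."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    # The value is a colon-separated list of package/ServiceClass components.
    return [c.split("/", 1)[0] for c in value.split(":") if c]

def audit(default_dialer, accessibility_value, pm_output):
    """Return findings for sideloaded apps holding the dialer role or an accessibility service."""
    installers = parse_installers(pm_output)

    def sideloaded(pkg):
        # Only user-installed (-3) packages are listed; system apps are absent.
        return pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS

    findings = []
    dialer = default_dialer.strip()
    if sideloaded(dialer):
        findings.append(("default_dialer", dialer))
    for pkg in parse_accessibility(accessibility_value):
        if sideloaded(pkg):
            findings.append(("accessibility_service", pkg))
    return findings

# Constructed sample output (not from a real device; package names are made up).
SAMPLE_PM = """package:com.example.bankhelper  installer=null
package:com.example.reader  installer=com.android.vending
"""
SAMPLE_A11Y = "com.example.bankhelper/.CoreService:com.example.reader/.ReadAloudService"
SAMPLE_DIALER = "com.example.bankhelper\n"

if __name__ == "__main__":
    for kind, pkg in audit(SAMPLE_DIALER, SAMPLE_A11Y, SAMPLE_PM):
        print(f"REVIEW {kind}: {pkg} was not installed from a trusted store")
```

A finding is a prompt for manual review, not proof of infection: legitimately sideloaded dialer or accessibility apps will also be listed.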