Quasa
Use QUASA App
Join the pioneer of Web3 crypto freelancing today!
Open
Technology

Android Trojan that intercepts voice calls to banks just got more stealthy

|Author: Viacheslav Vasipenok|3 min read| 1441
Android Trojan that intercepts voice calls to banks just got more stealthy

Hello!

Researchers have discovered fresh variants of a sophisticated Android financial-fraud Trojan renowned for intercepting calls victims attempt to make to their banks’ customer-support teams. First brought to public attention in 2026, FakeCall stands out from typical banking Trojans thanks to its advanced call-redirection capabilities alongside the usual credential-stealing features.

How FakeCall Operates

The malware, distributed through websites impersonating Google Play, can also simulate incoming calls from bank representatives. This feature reassures victims that everything is normal while enabling live social-engineering attacks to extract sensitive account details.

Interception occurs once users grant the app permission during installation to act as the device’s default call handler. FakeCall then detects outgoing calls to legitimate bank support numbers and silently reroutes them to attacker-controlled lines. To conceal the switch, the Trojan overlays its own interface on the system screen.

Strategic Evolution in 2026

On Wednesday, a Zimperium researcher reported the discovery of 13 new variants. This ongoing development signals that the operators continue to invest heavily in refining the Trojan. “The newly discovered variants of this malware are heavily obfuscated but remain consistent with the characteristics of earlier versions,” wrote Zimperium malware researcher Fernando Ortega. “This suggested a strategic evolution—some malicious functionality had been partially migrated to native code, making detection more challenging.”

Much of the enhanced obfuscation stems from hiding malicious code inside a dynamically decrypted and loaded .dex file. Initially, Zimperium analysts suspected the samples belonged to an entirely new malware family. Only after extracting the .dex file from an infected device’s memory and performing static analysis did the connection become clear.

“As we delved deeper, a pattern emerged,” Ortega noted. “The services, receivers, and activities closely resembled those from an older malware variant with the package name com.secure.assistant.” This link confirmed the samples belonged to the FakeCall family.

Android Trojan that intercepts voice calls to banks just got more stealthy

Expanding Language Support

The original Kaspersky report from 2026 noted that FakeCall supported only Korean and appeared to target specific banks in South Korea. In 2026, researchers at ThreatFabric observed that the Trojan had added English, Japanese, and Chinese language support, although no confirmed targeting of speakers of those languages has been recorded.

Protecting Yourself

Users should exercise extreme caution before installing any Android app, especially those claiming to interact with financial institutions. Enabling Google Play Protect remains essential, as it scans for malicious applications regardless of their source.

Also read:

Thank you!
Join us on social networks!
See you!

Share:

Subscribe to our newsletter

Get the latest Web3, AI, and crypto news delivered straight to your inbox.

1