Android.Fakebank.B Android Trojan Prevent Infected Systems from Calling Bank Support

Security researchers at Symantec alerting of a malware that was previously discovered in 2013. This malware is infecting android systems and called Android.Fakebank.B. The Fakebank malware will not allow infected system to contact bank customer support and at the moment Symantec is seeing an increased number of infected devices starting from March 2016.

Android.Fakebank.B hide itself in legitimate android process and it will register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the called number belongs to bank support this call is going to be cancelled otherwise the call will be allowed.

This malware objective is to steal banking credentials this by looking at any bank application installed on infected system. Then the Fakebank will initiate some illegal transactions. If the victim will detect that his application is not under control and there is non allowed transaction normally he will try to reach the support but with this malware the call is going to be canceled.

The following are some of the customer care numbers that the variants are blocking:

• KB Bank: 15999999
• KEB Hana Bank: 15991111
• NH Bank: 15442100 and 15882100
• Sberbank: 80055550
• SC Bank: 15881599 and 15889999
• Shinhan Bank: 15448000, 15778000, and 15998000


Code for canceling outgoing calls to South Korean banks Sourced Symantec

Symantec recommend the following steps for mitigation:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton, to protect your device and data
  • Make frequent backups of important data
Notify of
Inline Feedbacks
View all comments