Trojan Horse Software That Talks Like Bank Employees
Using new technologies, hackers have developed trojans that mimic bank employees’ voices. These robots(trojan), which present themselves as bank employees, capture the victims’ financial information or confidential information.
Researchers found that when a customer called the bank’s hotline, the Trojan opened its fake spoof call instead of the bank’s original call. First, Fake calls connect the victim directly with cybercriminals who present themselves as the bank’s client representatives. In the alternative scenario, the Trojan mimics a standard greeting from the bank and plays pre-recorded audio that resembles a standard speech using automated voicemail.
The Trojan Horse also adds small Korean audio tracks from time to time.
For example, “Hello, thank you for calling our bank. Our call center is currently receiving an unusually high number of calls. We will direct a consultant to you as soon as possible”. These messages allow cybercriminals to gain the trust of their victims by convincing the customer that the call is genuine. The main purpose of such searches is to leak as much financial data as possible from their victims, including bank account information.
Hackers using the Trojan got caught just because they were using Korean.
Only the Korean language version of the fake calls screen is available. This means that some users using the English interface language will suspect fraud and expose the threat.
Fake calls application, which looks like a real banking application, asks for various permissions such as access to contacts, microphone, camera, geolocation, and call management when downloaded.
These permissions allow the Trojan to drop incoming calls and delete them from the device history, for example, when trying to reach a real bank customer. While the scammers try to convince the victim that the app is genuine, all the fake calls imitate the mobile apps of well-known South Korean banks. It adds the real bank logos and displays the real support numbers of the banks as shown on the official website homepage.
To prevent your data and assets from falling into bad hands, you can follow these steps:
Apps should only be downloaded from official stores. Installation from unknown sources should not be allowed. Official stores check all programs and usually remove them immediately if malware manages to sneak into the system.
Consideration should be given to what permissions the apps are requesting and whether they need them. Do not be afraid to refuse permissions. In particular, potentially dangerous ones such as access to calls, text messages, and accessibility should be denied.
Real bank employees never ask for online banking login, PIN, card security code, or confirmation codes. If in doubt, the bank’s official website should be entered and it should be learned what the employees may or may not want.
Also read this
Watch this film