Some malware prevents victims from visiting sites from which they could download antivirus software, or kills AV software found running on infected machines and devices.
Newer variants of the backdoor-opening, information-stealing FakeBank Android Trojan use another tactic to prevent victims from protecting themselves and their bank accounts: they block calls to the victims' banks.
“Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed,” Symantec researchers have found.
“By blocking these numbers, the malware creators can stop a victim from asking their bank to cancel payment cards that the variants stole. This also gives the malware more time to steal data from the compromised device.”
The malware samples they have analyzed so far target Russian and South Korean users. The banks that can't be contacted from an infected mobile phone include South Korea's Kookmin Bank, KEB Hana Bank, NongHyup Bank, Shinhan Bank and Standard Chartered Bank, and Russia's Sberbank.
Users who have installed the malware – usually posing as a Google Play app – are advised to use another mobile device or a landline to contact their bank, and to purge their devices of the malware as soon as possible.