New banking malware stops customers from cancelling payment cards

Android.Fakebank.B recognizes when the customer service number is called and blocks it.
Android.Fakebank.B recognizes when the customer service number is called and blocks it.

When a person's payment card is compromised the first move is to call the bank and cancel the cards, but a new variant of the Android.Fakebank banking malware has the ability to discover and block any calls going from the infected device to the bank.

Android.Fakebank.B installs a broadcast receiver component on the targeted device that activates every time the victim attempts to call the bank's customer service department. Once active it blocks the call from going through effectively stopping the cancellation of the payment card giving the criminals more time to steal from it, Symantec researcher Dinesh Venkatesan said in a blog.

So far only the following banks in Russia and South Korea and numbers are affected:

  • KB Bank: 15999999

  • KEB Hana Bank: 15991111

  • NH Bank: 15442100 and 15882100

  • Sberbank: 80055550

  • SC Bank: 15881599 and 15889999

  • Shinhan Bank: 15448000, 15778000, and 15998000

Cards must be canceled using a non-infected phone.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS