14 DAY TRIAL // The most recent version of the Android.Fakebank.B mobile banking trojan comes with a mechanism that blocks outgoing calls to a series of numbers associated with a bank's customer support center.
This version was first detected in March 2016, and Symantec, the company that picked it up, says it only goes after customers of Russian and South Korean banks, the countries it historically targeted in the past.
The malware's mode of operation is quite simple and somewhat genius, to be honest. At its core, Android.Fakebank.B is a banking trojan.
This threat steals login credentials for your mobile banking apps, which it then sends to the crooks' server. They then move to initiating several illicit transactions.
If by any chance the user detects these rogue transfers in their account and picks up the phone to call their bank, the malware will block the outgoing call from that device.
Users can still use other phones to call the bank, land lines or try to get in contact via email.
Symantec says the malware targets a large number of banks. Here are a few mentioned by the security vendor in its report: KB Bank, KEB Hana Bank, NH Bank, Sberbank, SC Bank, Shinhan Bank.
"By blocking these numbers, the malware creators can stop a victim from asking their bank to cancel payment cards that the variants stole," Dinesh Venkatesan writes for Symantec. "This also gives the malware more time to steal data from the compromised device."