New Android banking malware stops victims from contacting banks and cancelling fraudulent payments

A new Android banking malware variant has been uncovered by security researchers, which has been found to target financial institutions in Russia and South Korea. The malware is capable of blocking a victim's attempt to contact his or her bank's customer service centres, in efforts to ensure that fraudulent payments being made by hackers not be discovered and cancelled.

According to security firm Symantec, the malware, known as Android.FakeBank.B, was first spotted in October 2013. However, the malware strain has since evolved to incorporate various features, the most recent of which is the "call-barring functionality".

"Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialled number belongs to any of the customer service call centres of the target banks, the malware programmatically cancels the call from being placed," said Symantec threat analyst engineer Dinesh Venkatesan.

The malware blocks calls to numbers belonging to specific banks. This ensures that the authors of the malware can stop victims from alerting their banks about the breach and requesting the banks to cancel illegal payments made using the stolen cards. "This also gives the malware more time to steal data from the compromised device," Venkatesan added.

The list of customer care numbers blocked by the malware belong to several banks including: KB Bank (15999999), KEB Hana Bank (15991111), NH Bank (15442100 and 15882100), Sberbank (80055550), SC Bank (15881599 and 15889999) and Shinhan Bank (15448000, 15778000, and 159980000.

It is still uncertain as to how many victims have been affected by the banking malware and if the malware has been detected in other parts of the world. IBTimes UK has reached out to Symantec for further comment.