Another worrying wave of Android malware headlines this week, with a new warning that dangerous new spyware is infecting devices. As far as malware goes, this one is fantastic, intercepting calls, live streaming your device’s screen to attackers, reading, sending and deleting text messages, and even taking photos with your camera.

Zimperio warns that “our zLabs team has been actively tracking a new variant of a well-known malware called FakeCall.” And although previous versions of the malware have been reported by Kaspersky and ThreatTissueThe malware has now been improved.

ForbesMicrosoft update warning: 400 million Windows PCs now at riskBy Zak Doffman

However, at its core, the central objective of the attack is the same as always. FakeCall intercepts incoming and outgoing calls, and “victims are tricked into calling fraudulent phone numbers controlled by the attacker.” The underlying code was changed to be harder to find and new features were added, some of which are not yet available.

First things first, after you have downloaded the malicious app which then loads malware onto your phone, “the app prompts the user to set it as the default call manager. Once designated as the default call manager, the app gains the ability to manage all incoming and outgoing calls.”

So let’s be very clear: you should never allow a new app to become the default call manager on your phone. There may be reasons to change the default Android app, but if that’s the case, you should only download a well-referenced app from a mainstream developer and only from the Play Store. Not like that.

Secondly, all FakeCall malicious apps are downloaded i.e. direct installations or from third party app stores. You will be drawn to the facility via social media posts, text/WhatsApps or emails. Don’t take the bait.

ForbesSamsung’s impossible deadline: you have 24 hours to update your phoneBy Zak Doffman

As Zimperium explains, “By exploiting its position as the default call manager, the application can modify the dialed number, replacing it with a malicious one… tricking users into making fraudulent calls… Malware can (also) intercept and Control incoming and outgoing calls. , covertly making unauthorized connections. In this case, users may not notice until they delete the app or restart their device.”

The intention of this spyware is to steal your hard-earned money. It’s waiting on your device for you to contact a known financial institution. When you do so, “the malware redirects the call to a fraudulent number controlled by the attacker. The malicious application will trick the user by displaying a fake and convincing user interface that appears to be the legitimate Android calling interface displaying the phone number of the real bank. The victim will be unaware of the tampering, as the malware’s fake user interface will mimic the real banking experience, allowing the attacker to extract sensitive information or gain unauthorized access to the victim’s financial accounts.”

But if you do three things you won’t be able to get trapped like this:

1. As stated above, never reset the default call handler
2. Do not download applications on your device; even Google now warns against this
3. Make sure Play Protect is enabled on your phone

ForbesGoogle warns 2 billion Chrome users: update now as Apple reveals dangerous new threatBy Zak Doffman

Google is clamping down on sideloading and has expanded Play Protect beyond its own Play Store apps to cover those from other sources. We also expect Android 15’s new live threat detection to arrive on updated phones soon.. This should monitor this type of malicious behavior in real time, even if an app is not yet flagged.

Meanwhile, you can check if you know any FakeCall apps on your phone.Zimperium has provided details here. You can also ensure that the default call handler has not been changed, that unexpected accessibility services permissions have not been set, and that Play Protect is enabled at all times.