New banking malware stops customers from cancelling payment cards

When a person's payment card is compromised the first move is to call the bank and cancel the cards, but a new variant of the Android.Fakebank banking malware has the ability to discover and block any calls going from the infected device to the bank.

Android.Fakebank.B installs a broadcast receiver component on the targeted device that activates every time the victim attempts to call the bank's customer service department. Once active, it blocks the call from going through effectively stopping the cancellation of the payment card giving the criminals more time to steal from it, Symantec researcher Dinesh Venkatesan said in a blog.

So far only the following banks in Russia and South Korea and numbers are affected:

  • KB Bank: 15999999

  • KEB Hana Bank: 15991111

  • NH Bank: 15442100 and 15882100

  • Sberbank: 80055550

  • SC Bank: 15881599 and 15889999

  • Shinhan Bank: 15448000, 15778000, and 15998000

Cards must be cancelled using a non-infected phone.