New banking malware stops customers from cancelling payment cards

News by Doug Olenick

Symantec has spotted a new banking malware that stops a victim from cancelling a compromised payment card by blocking calls from the infected device to the bank's customer service department.

When a person's payment card is compromised the first move is to call the bank and cancel the cards, but a new variant of the Android.Fakebank banking malware has the ability to discover and block any calls going from the infected device to the bank.

Android.Fakebank.B installs a broadcast receiver component on the targeted device that activates every time the victim attempts to call the bank's customer service department. Once active, it blocks the call from going through effectively stopping the cancellation of the payment card giving the criminals more time to steal from it, Symantec researcher Dinesh Venkatesan said in a blog.

So far only the following banks in Russia and South Korea and numbers are affected:

  • KB Bank: 15999999

  • KEB Hana Bank: 15991111

  • NH Bank: 15442100 and 15882100

  • Sberbank: 80055550

  • SC Bank: 15881599 and 15889999

  • Shinhan Bank: 15448000, 15778000, and 15998000

Cards must be cancelled using a non-infected phone.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events