Skip to content

Hide Navigation Hide TOC

Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be)

Fakecalls is an Android trojan, first detected in January 2021, that masquerades as South Korean banking apps. It has capabilities to intercept calls to banking institutions and even maintain realistic dialogues with the victim using pre-recorded audio snippets.(Citation: kaspersky_fakecalls_0422)

Cluster A Galaxy A Cluster B Galaxy B Level
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern 1
Fakecalls - S1080 (429e1526-6293-495b-8808-af7f9a66c4be) Malware Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern 1
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern 2