PhantomCall Malware Disguised as Chrome App Hits Banks Worldwide

Recently, a malicious variant known as PhantomCall has emerged, disguising itself as a fake Chrome application and launching attacks on financial institution users across multiple regions worldwide. Since April, these attacks have been reported in Europe, North America, the Middle East, and Asia, with Spain, Italy, and the UAE identified as primary targets. The attackers trick victims into installing the fake app through disguised extensions, then use a “Downloader” technique to bypass Android 13’s restrictions on accessibility services, silently implanting malicious code into devices. Sinokap examines the risks behind this threat and provides actionable security recommendations.

PhantomCall: Fake Chrome App Variant Sparks Global Banking Security Concerns

Attack Mechanism Details

1. Disguise and Trust Manipulation

The malware forges Chrome icons and impersonates official applications or update prompts. Victims are tricked into clicking “Update” or “Install from unknown sources,” enabling sideload installation of the fake app.

2. Bypassing Android Accessibility Restrictions

Android 13 introduced stricter security controls, limiting non-store apps from requesting accessibility permissions. PhantomCall exploits the PackageInstaller.Session API to mimic Play Store processes, successfully luring users into enabling these permissions.

3. Call Control and Interception

Once installed, the malware can silently block legitimate incoming calls, send USSD commands, or set up call forwarding. This allows attackers to hijack communication channels and maintain control, a tactic often used in financial fraud.

4. Social Engineering and Persistent Pressure

PhantomCall continuously displays “update reminders” and permission requests, coercing users into enabling unknown source installation and accessibility services. These pop-ups closely mimic system updates or standard Android settings, making them hard for non-technical users to detect.

Security Implications and Mitigation Strategies

Sinokap recommends enterprises maintain constant vigilance against such threats by strengthening mobile and network security with systematic defenses:

  • User Awareness and Training: Employees and customers should be warned not to act on suspicious app update prompts or grant unknown-source installation permissions, especially when the prompt imitates a browser or system update.

  • Application Review and Whitelisting: Enforce strict whitelisting policies on enterprise devices, ensuring that only approved apps from verified sources are installed.

  • Permission Monitoring and Control: Closely monitor accessibility services, unknown source installations, and USSD commands. Block and alert security teams whenever suspicious apps request such permissions.

PhantomCall’s exploitation of disguise and permission abuse for global banking fraud highlights an uncomfortable truth: while operating systems continuously improve security features, attackers evolve just as quickly. True enterprise security depends not only on technology but also on robust processes, permission controls, user education, and ongoing monitoring.

How to Defend Against Fake Malicious Apps

1. Always Download Apps from Official Sources

Do not trust apps downloaded from SMS, social media platforms, cloud storage links, or other unofficial channels. Always use official app stores or websites to download applications.

2. Be Cautious When Granting Sensitive Permissions

Pay extra attention when installing apps that request permissions for SMS, contacts, accessibility services, or other sensitive data.

3. Regularly Scan with Security Software

Use professional antivirus or mobile security management software to regularly scan and remove malicious apps.

4. Keep Your Mobile OS and Security Software Up-to-Date

Install system updates and upgrade antivirus software as soon as updates are available. This can effectively fix security vulnerabilities and enhance protection.

5. Stay Informed Through Official Announcements

Keep up to date with security information released by national authorities to be aware of potential risks and protect your devices early.

Sinokap IT Security Training

In past projects, Sinokap successfully helped numerous corporate clients identify and eliminate phishing emails and malware. These case studies highlight our expertise in addressing information security threats:

1. Phishing Email Prevention

We regularly assist clients in identifying and dealing with several network attacks caused by employees mistakenly opening phishing emails. Through rapid response and blocking of malicious links, we ensure that company data remains secure. Additionally, we provide phishing email recognition training for employees to reduce the occurrence of similar incidents in the future.

2. Malware Removal Quick Guide

Sinokap helps companies quickly clean infected devices, restoring normal business operations. We also conduct regular security drills and training to raise employee awareness of various cyberattacks.

Not only have we helped clients effectively respond to urgent security issues, but we also provide long-term information security solutions. Sinokap’s IT outsourcing services and information security expert team are always by your side, ensuring the safety of your business data and operations.
