When a person's payment card is compromised, the first move is to call the bank and cancel the card, but a new variant of the Android.Fakebank banking malware can detect and block any calls going from the infected device to the bank.
Android.Fakebank.B installs a broadcast receiver component on the targeted device that activates every time the victim attempts to call the bank's customer service department. Once active, it blocks the call from going through, effectively stopping the cancellation of the payment card and giving the criminals more time to steal from it, Symantec researcher Dinesh Venkatesan said in a blog post.
So far, only the following banks in Russia and South Korea, and the following numbers, are affected:
KB Bank: 15999999
KEB Hana Bank: 15991111
NH Bank: 15442100 and 15882100
Sberbank: 80055550
SC Bank: 15881599 and 15889999
Shinhan Bank: 15448000, 15778000, and 15998000
Cards must be canceled using a non-infected phone.
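
A static triage check for the behaviour described above, as an added example that is not code from the article or from Symantec: it flags a decoded AndroidManifest.xml that declares a receiver for outgoing calls and looks for the listed numbers in an app's extracted strings. That the receiver is declared in the manifest with Android's standard `NEW_OUTGOING_CALL` action, and that the numbers are hard-coded in the app, are assumptions; the sample manifest and strings are constructed.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: the receiver hooks Android's standard outgoing-call broadcast.
OUTGOING_CALL_ACTION = "android.intent.action.NEW_OUTGOING_CALL"
OUTGOING_CALL_PERMISSION = "android.permission.PROCESS_OUTGOING_CALLS"
# Customer-service numbers listed in the article.
BANK_NUMBERS = {
    "15999999": "KB Bank", "15991111": "KEB Hana Bank",
    "15442100": "NH Bank", "15882100": "NH Bank", "80055550": "Sberbank",
    "15881599": "SC Bank", "15889999": "SC Bank", "15448000": "Shinhan Bank",
    "15778000": "Shinhan Bank", "15998000": "Shinhan Bank",
}
# Constructed sample input (not taken from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <application>
    <receiver android:name=".CallWatcher">
      <intent-filter android:priority="1000">
        <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_STRINGS = ["1599-9999", "hello", "80055550"]

def outgoing_call_receivers(manifest_xml):
    """Receivers listening for outgoing calls, if the permission is also requested."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    if OUTGOING_CALL_PERMISSION not in perms:
        return []
    return [r.get(ANDROID_NS + "name") for r in root.iter("receiver")
            if any(a.get(ANDROID_NS + "name") == OUTGOING_CALL_ACTION
                   for a in r.iter("action"))]

def embedded_bank_numbers(strings):
    """Map each listed number found in the app's extracted strings to its bank."""
    found = {}
    for s in strings:
        digits = "".join(ch for ch in s if ch.isdigit())  # tolerate 1599-9999
        found.update({n: b for n, b in BANK_NUMBERS.items() if n in digits})
    return found

def triage(manifest_xml, strings):
    receivers = outgoing_call_receivers(manifest_xml)
    numbers = embedded_bank_numbers(strings)
    return {"receivers": receivers, "numbers": numbers, "suspicious": bool(receivers and numbers)}
if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```

A receiver registered at run time rather than in the manifest would not be caught by the manifest check, so an empty result does not clear an app.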