They don't just hack your phone. They call you to help them do it. 📱📞 We investigate the evolution of Mobile Banking Fraud. We break down the rise of "Hybrid Attacks"—a deadly combination of "Vishing" (Voice Phishing) and banking trojans like FakeCalls. We reveal how scammers use malware to redirect your call to your bank's "fraud department" straight to them, tricking you into handing over the keys to your account.

1. The "FakeCalls" Trojan: Your bank isn't on the line. We analyze the code. We discuss the malware that intercepts your outgoing calls. When you try to call your real bank to report fraud, the app redirects the call to the hacker's call center, while keeping the real bank's logo on your screen. It's the ultimate social engineering trick.

2. The 2FA Bypass: Why SMS is dead. We expose the weakness. We discuss how "Overlay Attacks" place a fake login window on top of your real banking app to steal your password, while the malware simultaneously reads your incoming SMS One-Time Passwords (OTP). We explain why "Device Binding" is the only real defense left.

3. The Ghost in the Machine: Controlling your phone remotely. We explore the endgame. We discuss On-Device Fraud (ODF), where hackers use Accessibility Services to remotely control your phone—swiping, clicking, and transferring money—while the device is sitting in your pocket, making it look like a legitimate user transaction to the bank's security systems.

The full list of sources used to create this episode can be found on our Patreon under https://www.patreon.com/c/Morgrain