July 7, 2023swati kanderwalMobile Security/Malware

Researchers have issued a warning about an emerging and sophisticated form of voice phishing (Vishing) known as “.let’s callThe technique is now targeting individuals in South Korea.

Criminals behind Letscall use a multi-stage attack to trick victims into downloading malicious apps from fake Google Play Store websites.

Once the malicious software is installed, calls are redirected to call centers controlled by criminals. Trained operators disguised as bankers extract sensitive information from unwitting victims.

To facilitate the routing of voice traffic, “Letscall” utilizes cutting-edge technologies such as VoIP (Voice over IP) and WebRTC. It also utilizes the Traversal using Relays around NAT (TURN) protocol, including Session Traversal Utilities for NAT (STUN) and Google STUN Server to ensure high quality phone or video calls and bypass NAT and firewall restrictions .

The “Letscall” group consists of Android developers, designers, front-end and back-end developers, and call operators who specialize in voice social engineering attacks.

This malware works in three stages. First, the downloader app prepares the victim’s device and paves the way for the installation of powerful spyware. The spyware then triggers the final stage, allowing incoming calls to be rerouted to the attacker’s call center.

voice traffic routing

“The third stage has its own set of commands that also include web socket commands. Some of these commands are related to address book operations, such as creating and deleting contacts. Others are It relates to creating, modifying and deleting filters, “which determine which calls should be intercepted and which should be ignored,” says Dutch mobile security firm ThreatFabric. report.

“Letscall” is characterized by the use of advanced evasion techniques. The malware incorporates Tencent Legu and Bangcle (SecShell) obfuscation during the initial download. Later stages use complex naming structures in ZIP file directories to deliberately corrupt manifests to confuse and evade security systems.

voice traffic routing

Criminals have developed a system that automatically calls victims and plays pre-recorded messages to further deceive them. Combining mobile phone infection and vishing techniques, these scammers are able to assure victims of suspicious activity and redirect phones to their centers while requesting microloans in the victim’s name. I can.

upcoming webinars

🔐 Privileged Access Management: Learn How to Overcome Key Challenges

Discover different approaches to overcoming the challenges of privileged account management (PAM) and leveling up your privileged access security strategy.

reserve a spot

The impact of such an attack can be devastating, leaving victims with a large repayment obligation. Financial institutions often underestimate the seriousness of such intrusions and neglect to investigate potential fraud.

The threat is currently limited to South Korea, but researchers warn that there are no technical barriers preventing these attackers from expanding to other regions, including the European Union.

This new form of vishing attack highlights the constant evolution of criminal tactics and the ability to exploit technology for malicious purposes. The group responsible for the “Letscall” malware demonstrates an intricate knowledge of Android security and voice routing technology.

Did you enjoy this article? Follow us twitter and LinkedIn To read more of the exclusive content we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog