Researchers have issued a warning about an emerging and sophisticated form of voice phishing (Vishing) known as “.let’s callThe technique is now targeting individuals in South Korea.
Criminals behind Letscall use a multi-stage attack to trick victims into downloading malicious apps from fake Google Play Store websites.
Once the malicious software is installed, calls are redirected to call centers controlled by criminals. Trained operators disguised as bankers extract sensitive information from unwitting victims.
To facilitate the routing of voice traffic, “Letscall” utilizes cutting-edge technologies such as VoIP (Voice over IP) and WebRTC. It also utilizes the Traversal using Relays around NAT (TURN) protocol, including Session Traversal Utilities for NAT (STUN) and Google STUN Server to ensure high quality phone or video calls and bypass NAT and firewall restrictions .
The “Letscall” group consists of Android developers, designers, front-end and back-end developers, and call operators who specialize in voice social engineering attacks.
This malware works in three stages. First, the downloader app prepares the victim’s device and paves the way for the installation of powerful spyware. The spyware then triggers the final stage, allowing incoming calls to be rerouted to the attacker’s call center.
“The third stage has its own set of commands that also include web socket commands. Some of these commands are related to address book operations, such as creating and deleting contacts. Others are It relates to creating, modifying and deleting filters, “which determine which calls should be intercepted and which should be ignored,” says Dutch mobile security firm ThreatFabric. report.
โLetscallโ is characterized by the use of advanced evasion techniques. The malware incorporates Tencent Legu and Bangcle (SecShell) obfuscation during the initial download. Later stages use complex naming structures in ZIP file directories to deliberately corrupt manifests to confuse and evade security systems.
Criminals have developed a system that automatically calls victims and plays pre-recorded messages to further deceive them. Combining mobile phone infection and vishing techniques, these scammers are able to assure victims of suspicious activity and redirect phones to their centers while requesting microloans in the victim’s name. I can.
๐ Privileged Access Management: Learn How to Overcome Key Challenges
Discover different approaches to overcoming the challenges of privileged account management (PAM) and leveling up your privileged access security strategy.
The impact of such an attack can be devastating, leaving victims with a large repayment obligation. Financial institutions often underestimate the seriousness of such intrusions and neglect to investigate potential fraud.
The threat is currently limited to South Korea, but researchers warn that there are no technical barriers preventing these attackers from expanding to other regions, including the European Union.
This new form of vishing attack highlights the constant evolution of criminal tactics and the ability to exploit technology for malicious purposes. The group responsible for the โLetscallโ malware demonstrates an intricate knowledge of Android security and voice routing technology.
