Researchers have issued a warning about a new form of voice phishing, called “Letscall,” that is targeting people in South Korea. The criminals behind “Letscall” use a multi-step attack to trick victims into downloading malicious apps from a fake Google Play Store website. Once the app is installed, it redirects incoming calls to a call center controlled by the criminals. The operators pose as bank employees and collect sensitive information from unsuspecting victims.
To facilitate voice traffic, “Letscall” uses advanced technologies like Voice over IP (VOIP) and WebRTC. It also uses protocols such as STUN and TURN, including Google STUN servers, to ensure good quality phone or video calls and bypass security measures.
The “Letscall” group is made up of Android developers, designers, and call operators who specialize in voice social engineering attacks. The malware operates in three stages, and at the final stage it redirects incoming calls to the call center.
What sets “Letscall” apart is its use of advanced evasion techniques. It incorporates obfuscation during the initial download and uses complex file name structures in the directories to confuse security systems. The criminals have also developed automated systems that call the victims and play pre-recorded messages to further deceive them.
The consequences of these attacks can be severe, leaving victims with large loans to repay. Financial institutions often underestimate the severity of these attacks, and there is concern that the attackers could expand to other regions in the future. This new form of voice phishing shows how criminals are constantly evolving their tactics to leverage technology for malicious purposes.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.