A warning has been issued regarding a sophisticated form of voice phishing (vishing) called “Letscall” that specifically targets individuals in South Korea.
This advanced technique involves deceiving victims into downloading malicious apps from a fake Google Play Store website. Once installed, the malware redirects incoming calls to a call center operated by criminals who pose as bank employees to extract sensitive information.
The “Letscall” group uses technologies such as voice over IP (VoIP) and WebRTC, together with protocols such as STUN and TURN, to ensure high-quality calls and bypass restrictions. The group consists of Android developers, designers, frontend and backend developers, and call operators specializing in voice social engineering attacks.
The malware operates in three stages, involving downloader apps, spyware installation, and call rerouting. “Letscall” uses advanced techniques such as obfuscation and complex naming structures to evade detection. The attackers automate calls and play pre-recorded messages to deceive victims and request micro-loans in their names.
While currently limited to South Korea, there are concerns that these attackers could expand their operations to other regions. This emerging form of vishing highlights the evolving nature of criminal tactics and their expertise in exploiting technology for malicious purposes.