
Warning Issued on Advanced "Letscall" Vishing Attack Targeting South Korea

Cybersecurity experts have recently sounded the alarm about a novel and sophisticated voice phishing (vishing) strategy known as "Letscall." Currently, the victims targeted by the actors behind "Letscall" are located in South Korea. The technique lures unsuspecting individuals into downloading harmful apps from a fake Google Play Store page. Once installed, the malicious software makes the victim's device reroute incoming calls to an attacker-controlled call center. There, operators posing as bank employees manipulate the victims into revealing sensitive information.

"Letscall" takes advantage of technologies such as voice over IP (VoIP) and WebRTC, and uses protocols such as Session Traversal Utilities for NAT (STUN) and Traversal Using Relays around NAT (TURN), including Google STUN servers, to bypass standard restrictions and ensure smooth phone or video calls. The criminals running this scheme form a well-rounded team of Android developers, designers, frontend and backend developers, and operators skilled in persuasive social engineering.

The malware operates systematically, beginning by gradually preparing the Android device with a decoy app. Potent spyware is then introduced, which paves the way for redirecting incoming calls to the attackers' call center. Highlighting the major threat this form of attack represents, ThreatFabric, a Dutch mobile security firm, noted that "Letscall" manipulates address books and filters calls selectively, giving cybercriminals the power to intercept any phone call.

What differentiates "Letscall" is its use of advanced evasion methods, starting with Tencent Legu and Bangcle (SecShell) obfuscation during the initial download.
Furthermore, in the later stages, it employs convoluted naming conventions in ZIP file directories and deliberately corrupts the manifest, allowing it to elude security systems.

The criminals have also devised an automated system that places calls to victims and plays prerecorded messages to further the deception. They have also begun to request micro-loans in the victims' names, resulting in further damage and financial loss. The aftermath of such attacks is both significant and devastating, leaving unsuspecting victims with hefty loans to repay. Regrettably, financial institutions often underestimate these risks and do not adequately scrutinize these attacks.

Although this type of vishing attack is currently confined to South Korea, researchers warn it is only a matter of time before these attacks expand to other areas, including the EU. The continuing evolution of the techniques shows how readily such actors exploit technology. The group that designed the "Letscall" malware exhibits a profound understanding of the mechanics of Android security and voice routing technologies. The increasing sophistication of cyber-attacks underlines how important it is for individuals and businesses alike to bolster their cybersecurity defenses against such emerging threats.
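The later-stage evasion described above (convoluted ZIP entry names and a deliberately corrupted manifest) can be screened for structurally before an APK reaches deeper analysis. The following triage sketch is an added example, not code from ThreatFabric or the original article; the name-length threshold, the finding labels and the sample archives are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

AXML_HEADER = (0x0003, 0x0008)  # chunk type, header size of a compiled manifest
MAX_NAME_LEN = 128              # assumed threshold; tune on your own corpus

def triage_apk(data: bytes) -> list[str]:
    """Return structural findings for an APK supplied as raw bytes."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unparseable-zip"]
    with zf:
        names = [info.filename for info in zf.infolist()]
        for name in names:
            if len(name) > MAX_NAME_LEN:
                findings.append(f"long-name:{len(name)}")
            if any(not 0x20 <= ord(ch) <= 0x7E for ch in name):
                findings.append(f"odd-chars:{name!r}")
        if "AndroidManifest.xml" not in names:
            return findings + ["manifest-missing"]
        head = zf.read("AndroidManifest.xml")[:4]
        if len(head) < 4 or struct.unpack("<HH", head) != AXML_HEADER:
            findings.append(f"manifest-bad-header:{head.hex()}")
    return findings

def build_sample(entries: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory archive for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples, not taken from any real Letscall artifact.
CLEAN = build_sample({"AndroidManifest.xml": b"\x03\x00\x08\x00" + b"\x00" * 4,
                      "classes.dex": b"dex\n035\x00"})
SUSPECT = build_sample({"AndroidManifest.xml": b"\x00\x00\x08\x00junk",
                        "a/" * 80 + "x.bin": b"",
                        "res/\x01.xml": b""})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT), ("garbage", b"not a zip")):
        print(label, triage_apk(blob))
```

A finding here is a reason to route the file to manual or sandbox analysis, not a verdict; legitimate packers can also produce unusual archive layouts.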

