
Hackers Developed Sophisticated Call Forwarding Attack

It can probably be described as the next level of phishing. Security researchers are currently pointing to a particularly complex, multi-stage phishing campaign. Incoming and outgoing calls are specifically diverted in order to take advantage of victims.

New tool for malicious call forwarding called LetsCall

Many phishing methods are clumsy and rely on overly careless users. The campaign that the security experts at ThreatFabric are now reporting on is much more sophisticated. During their most recent threat hunt, the researchers found a tool called “Letscall” that is currently circulating in South Korea but could just as easily be used anywhere in the world. “We are dealing with a ready-to-use framework that could be used by any threat actor,” the researchers write in the blog post.

As the researchers go on to describe, the attack has three stages. In the first step, victims are directed to a Google Play Store clone and download the first part of the “malicious application chain”, which is hidden behind stolen logos of well-known apps. This app obtains by deception the permissions it needs to download another piece of malware from the control server. That second piece is a powerful spyware that enrolls infected devices in the operators’ P2P VoIP network. From this point on, all video and voice calls can be redirected.

Scammers in South Korea then use all these preparations to swindle money in the name of their victims. “A common type of attack that we have observed is to apply for a small loan behind the victim’s back,” the researchers said. Should the victim try to contact their bank about unusual activities, they are then redirected directly to the scammers’ call center.

However, as the researchers emphasize, there is still a fairly simple way to protect oneself against such attacks quite reliably, or at least to make things as difficult as possible for the attackers. The notorious entry point is Android's accessibility services. In case of doubt, this permission should not be granted. “Without this permission, it becomes much more difficult for criminals to operate on the device,” says ThreatFabric.
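
For readers who want to check a device, the following added example (not from ThreatFabric or the original article) lists third-party apps that hold an enabled accessibility service and were not installed by Google Play, which is the combination the campaign described above depends on. It assumes `adb` with USB debugging enabled and treats only `com.android.vending` as a trusted installer; the sample package names are constructed.

```python
import subprocess

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_enabled_services(value):
    """Turn the colon-separated 'package/ServiceClass' setting into package names."""
    value = value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def parse_installers(listing):
    """Parse 'package:<name>  installer=<source>' lines into {package: installer}."""
    installers = {}
    for line in listing.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        source = next((f[len("installer="):] for f in fields[1:]
                       if f.startswith("installer=")), None)
        installers[fields[0][len("package:"):]] = None if source in (None, "null") else source
    return installers

def flag_untrusted(services_value, third_party_listing):
    """Third-party apps with an enabled accessibility service and no trusted installer."""
    installers = parse_installers(third_party_listing)
    return sorted(pkg for pkg in parse_enabled_services(services_value)
                  if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS)

def adb_shell(*args):
    """Run a command on the connected device and return its output."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample data: the last service belongs to a preinstalled app,
# so it does not appear in the third-party listing and is not flagged.
SAMPLE_SERVICES = ("com.example.screenreader/.ReaderService:"
                   "com.example.fakebank/com.example.fakebank.HelperService:"
                   "com.google.android.marvin.talkback/.TalkBackService")
SAMPLE_LISTING = """package:com.example.screenreader  installer=com.android.vending
package:com.example.fakebank  installer=null
"""

if __name__ == "__main__":
    services = adb_shell("settings", "get", "secure", "enabled_accessibility_services")
    listing = adb_shell("pm", "list", "packages", "-i", "-3")  # -3: third-party only
    print("Apps to review:", flag_untrusted(services, listing))
```

An app that appears in the result is not necessarily malicious, but its accessibility permission should be revoked until its origin is confirmed.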