Currently, LetsCall is targeting users in South Korea, but considering how sophisticated it is, researchers believe attackers can expand this campaign to European Union countries.
The rise of Vishing (voice or VoIP phishing) has impacted consumers’ trust in unidentified callers. Usually, calls from bank employees or salespeople are common, but what if a fraudster makes the call?
According to a report from ThreatFabric, published on 7 July 2023, vishing attacks have become much more sophisticated lately. In a newly detected muli-stage vishing campaign attackers are using an advanced toolset dubbed LetsCall, featuring strong evasion tactics.
LetsCall is targeting users in South Korea, but considering how sophisticated it is, ThreatFabric researchers believe attackers can expand this campaign to European Union countries. What makes it unique is that it is a “ready-to-use framework, which any threat actor could use.”
LetsCall Attack Stages
This attack comprises three stages. Researchers dubbed the first stage the Downloader, in which preparations run on the device, necessary permissions are obtained, and a phishing web page is displayed. Afterwards, the second stage of malware is downloaded from the control server.
In the first stage, the victim visits the attacker’s specially crafted phishing web page, which looks like Google Play Store and is tricked into downloading the malicious application chain.
The second stage entails a powerful spyware application. The attacker exfiltrates data and enrols the infected device into the P2P VOIP network to make voice/video calls to the victim. A legit service called advanced vishing attack campaign letscall targets andriod users
