"Clever Letscall Vishing Malware Targets Android Phones"

A voice-based phishing (vishing) malware is targeting Android phones and stealing sensitive financial information from victims, as part of a trend generating millions of dollars in profits using vishing attack techniques. These attacks, unlike the common and simple vishing scams, take over handsets, implant prerecorded voice messages, and reroute calls to scammer call centers. Researchers' analysis of the vishing campaign details how the malware operates and links it to a collection of malicious Android apps. When victims are tricked into installing the malware, malicious actors can launch a series of vishing attacks. The malware currently targets victims in South Korea, but researchers believe it could be easily adapted to operate in any country and sold as a service on the dark web. ThreatFabric researchers noted in a recent report that they discovered the malicious Letscall app during their routine threat-hunting activities. According to the researchers, the malware is particularly effective for stealing personal information and conducting financial scams. Once infected, threat actors can take over the device's calling function, thus enabling them to make spoofed calls claiming to be from a financial institution or to redirect calls to their own call center when the victim attempts to call their bank. This article continues to discuss findings regarding the vishing campaign targeting Android phones. 

SC Magazine reports "Clever Letscall Vishing Malware Targets Android Phones"