Posted on March 16, 2023 at 1:48 PM
Researchers have detected voice phishing malware targeting victims based in South Korea. The malware has been found to impersonate 20 of the largest financial institutions in the country, posing a major risk to the targets.
Android voice phishing malware targets victims in South Korea
The malware in question was detected by Check Point Research (CPR). The researchers at the company have named this malware tool “FakeCalls,” which usually lures victims by informing them of fake loans. When an unsuspecting user falls into the trap set by the hackers, they are asked to confirm their credit card numbers. The goal of these hackers is to steal these numbers.
One of the researchers at CPR, Alexander Chailytko, said that the malware not only steals credit card information but can also infiltrate the victim’s device and steal sensitive data.
“FakeCalls malware possesses the functionality of a Swiss army knife, able to not only conduct its primary aim but also to extract private data from the victim’s device,” Chailytko said.
A report published by CPR about this malware noted that it might have caused significant damage before it was detected. The researchers identified over 2500 samples of the FakeCalls malware targeting financial organizations. The malware mimicked financial organizations and adopted evasion techniques to avoid being detected by the security systems put in place.
The team also said that the malware developers took extra measures to ensure that the malware conducted its phishing operations without being detected by antivirus programs installed on user devices. According to CPR, the evasion techniques used by the hackers behind this malware have not previously been observed in the wild, pointing to the hackers being a sophisticated group.
Explaining the lengths to which the hackers went to avoid detection, Chailytko said, “the malware developers took special care with the technical aspects of their creation as well as implementing several unique and effective anti-analysis techniques. In addition, they devised mechanisms for disguised resolution of the command-and-control servers behind the operations.”
The researcher noted that there was a risk that the technique used by the hacker behind the FakeCalls malware could be replicated by other threat actors. The malware could target other industries apart from the finance industry globally, making it a critical threat to multiple industries.
Protecting users against vishing attacks
Chailytko has shared several recommendations for those who want to protect themselves from this malware. He noted that Android users in South Korea needed to remain vigilant and ensure they did not fall victim to the vishing campaigns.
He noted that one of the measures that users can take is to ensure they do not share personal and sensitive information over the phone. Additionally, Android users based in South Korea should remain wary of any suspicious phone calls made from unknown numbers. This will guarantee that they avoid any traps set by the hackers.
The CPR report has also shared several guidelines to help Android users avoid falling victim to similar attacks. One of the recommendations is for users to be on the lookout for suspicious delays before a caller speaks. Additionally, suspicious callers might ask the recipient to verify details such as the website URLs or job titles.
CPR has also advised users not to respond to automated messages, as these might have originated from threat actors. Automated messages could also allow cybercriminals to record the recipient's voice, which could be used for authentication in other attacks.
Vishing attacks are usually similar to phishing campaigns, where a hacker first collects information from the target and then uses the same information in another attack. Therefore, in vishing campaigns, a threat actor might use recorded phone conversations to authenticate to the target’s accounts in future attacks.
Moreover, the growing risk of cybersecurity attacks targeting Android users means that these users must continuously remain vigilant to ensure they do not fall victim. The large number of Android users globally makes these devices more attractive to hackers who want to launch attacks.
The recent findings by CPR also confirm a previous report that Proofpoint published. In December 2022, Proofpoint researchers said that vishing campaigns would be on the rise in 2023. Additionally, the researchers said that hackers would increasingly use vishing tools this year, and the exploit targeting South Korean Android users is proof of this.