Operation BlackEcho: Voice Phishing Using Fake Financial and Vaccine Apps

Voice phishing (a.k.a. vishing) is a crime in which scammers deceive victims through phone calls in order to fraudulently obtain funds or steal personal information.

Malicious apps are needed for voice phishing attacks targeting smartphone users. These apps intercept and block phone calls, and tamper with call screens and call logs. We have identified an attack group that uses malicious apps disguised as financial and vaccine apps for voice phishing. We estimated that the group has been active since late 2021. The attack group lures victims through ads or text messages about low-interest loans or government subsidies. If victims take the bait, the group distributes the 1st malicious app disguised as a financial app. The 1st app installs a 2nd malicious app disguised as a vaccine app and steals victims’ input data. The 2nd app is used for voice phishing, remote control, victim monitoring, and data leakage. In the second half of 2024, this app was split into two separate apps: a 2nd_main and a 2nd_call app.

We have tracked and analyzed these malicious apps for a year. In this presentation, we will introduce the malicious apps, infrastructure, and recent trends of the attack group.

By:
Hyeji Heo | Security Researcher, Financial Security Institute
Sungchan Jang | Security Researcher, Financial Security Institute
Byungwoo Hwang | Security Researcher, Financial Security Institute
Jinyong Byun | Security Researcher, Financial Security Institute
Kuyju Kim | Security Researcher, Financial Security Institute

Full Abstract and Presentation Materials Available:
https://www.blackhat.com/asia-25/briefings/schedule/#operation-blackecho-voice-phishing-using-fake-financial-and-vaccine-apps-44173Black HatRead More