Resources
  • Research
  • Threat Intelligence Reports
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1)
2024.05.20

S2W Threat Intelligence Center TALON has published a detailed analytical report on the voice phishing epidemic in South Korea.


Title: 📞 SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1)


Summary:

  • Voice phishing groups are creating phishing pages and developing malicious Android apps to trick victims into accessing these sites, ultimately installing the apps for financial fraud to steal money.
  • We named a family of voice phishing apps distributed in South Korea, which impersonate law enforcement agencies, financial institutions, and more, as 'SecretCalls Loader / SecretCalls.' The threat group using this malware for voice phishing attacks is known as 'SecretCrow.'
  • SecretCalls Loader performs techniques such as emulator detection, class/function name obfuscation, DEX encryption, DEX dynamic loading, and triggering a second-stage installation (SecretCalls) to disrupt analysis.
  • SecretCalls will be analyzed in two parts, with 'Part 1' analyzing the phishing site, distribution method, and SecretCalls Loader app, and 'Part 2' analyzing the functionality of SecretCalls, including the actual malicious behavior.


🧑‍💻 Report Author: S2W TALON


👉 Learn more: Click Here to Read the Full Text


If you have any questions about our cybersecurity reports, please don't hesitate to contact us.

https://s2w.inc/en/contact


*The full report is available upon request.


List