S2W's Threat Research and Intelligence Center, TALON, has published a detailed analysis report on the voice phishing malware.
The report is related to the summary in the "AI Security Report for the Financial Sector: Part 1", which was initially released as a summary in August.
✅ Report Title:
Detailed Analysis of TheftCalls: Impersonating Frequently Used Korean Apps
✅ Executive Summary:
The organization distributing voice phishing malware builds phishing pages and develops mobile malware to steal money from victims through financial scams. They lure victims into accessing phishing pages and installing malicious apps.
Voice phishing malware has a unique feature that forcibly redirects calls: even when victims try to contact law enforcement or financial institutions, the call connects to the attackers. Similarly, if these institutions try to call the victim, the call is redirected to the attackers. The malware also enables malicious activities such as recording calls, tampering with call history, and streaming from the victim’s camera or microphone in real-time.
TALON categorizes six main organizations distributing voice phishing malware targeting users in Korea. This report provides a detailed analysis of the phishing sites and malware distributed by the TheftCRow threat actor, which is currently the most active in spreading voice phishing malware, specifically the TheftCalls Loader and TheftCalls malware.
📌 About TheftCRow
TheftCRow is one of the voice phishing distribution groups named internally by TALON. The name combines the "Theft" string identified in the attackers' emails with "CyberCrime" (CR). The malware used by this group is named TheftCalls Loader / TheftCalls.
This group has set up numerous phishing sites disguised as law enforcement, financial institutions, and shopping malls. They lure victims to these phishing pages through smishing or loan consultations, ultimately leading them to download and install an app that performs malicious functions.
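As an added example (not part of the S2W report or TALON's tooling), the following triage heuristic turns the capabilities described above (call redirection, call-history tampering, camera/microphone capture, dropping a second-stage package) and the app-impersonation angle into a simple check over an app's requested permissions and declared services. The permission and service strings are real Android ones; the package names, labels and the KNOWN_APPS allow-list are constructed placeholders.

```python
"""Constructed triage heuristic for TheftCalls-style capability combinations."""
from dataclasses import dataclass, field

CALL_REDIRECT_SERVICE = "android.telecom.CallRedirectionService"
CALL_CONTROL = {"android.permission.BIND_CALL_REDIRECTION_SERVICE",
                "android.permission.ANSWER_PHONE_CALLS",
                "android.permission.BIND_INCALL_SERVICE"}
CALL_HISTORY = {"android.permission.READ_CALL_LOG",
                "android.permission.WRITE_CALL_LOG"}
SURVEILLANCE = {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"}
LOADER = {"android.permission.REQUEST_INSTALL_PACKAGES"}

# Constructed allow-list: the expected package name for each well-known app label.
KNOWN_APPS = {"Example Bank": "com.example.bank",
              "Example Police": "kr.example.police"}

@dataclass
class AppInfo:
    package: str
    label: str
    permissions: set
    service_actions: set = field(default_factory=set)

def triage(app: AppInfo) -> dict:
    """Return the matched indicators and whether the app warrants investigation."""
    hits = []
    if app.permissions & CALL_CONTROL or CALL_REDIRECT_SERVICE in app.service_actions:
        hits.append("call_control")          # can intercept or redirect calls
    if CALL_HISTORY <= app.permissions:
        hits.append("call_history_tamper")   # can read and rewrite the call log
    if SURVEILLANCE <= app.permissions:
        hits.append("camera_mic")            # can record or stream audio/video
    if app.permissions & LOADER:
        hits.append("loader")                # can install a second-stage package
    expected = KNOWN_APPS.get(app.label)
    if expected and expected != app.package:
        hits.append("impersonation")         # known label, unexpected package
    # Call control combined with any further indicator is the pattern to escalate.
    suspicious = "call_control" in hits and len(hits) >= 2
    return {"package": app.package, "hits": hits, "suspicious": suspicious}

# Constructed samples: a lookalike app and the genuine one it imitates.
LOOKALIKE = AppInfo("com.update.svc", "Example Bank",
                    CALL_CONTROL | CALL_HISTORY | SURVEILLANCE | LOADER,
                    {CALL_REDIRECT_SERVICE})
GENUINE = AppInfo("com.example.bank", "Example Bank",
                  {"android.permission.CAMERA", "android.permission.INTERNET"})

if __name__ == "__main__":
    for app in (LOOKALIKE, GENUINE):
        print(triage(app))
```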
🧑💻 Report Author: S2W TALON
Specific distribution cases can be reviewed in detail on the S2W Tech Blog through the provided link.
👉 Full Report: https://bit.ly/4hFSuqi
*The full report is available upon request.