The criminals behind “Letscall” employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects incoming calls to a call center under the control of the criminals. Trained operators posing as bank employees then extract sensitive information from unsuspecting victims.
To facilitate the routing of voice traffic, “Letscall” utilizes cutting-edge technologies such as voice over IP (VOIP) and WebRTC. It also makes use of Session Traversal Utilities for NAT (STUN) and Traversal Using Relays around NAT (TURN) protocols, including Google STUN servers, to ensure high-quality phone or video calls and bypass NAT and firewall restrictions.
images from Hacker News