
"Operation BlackEcho": Voice Phishing using Fake Financial and Vaccine Apps.pdf

Uploaded by: 竿*** No.: 981822 2025-11-29 81 pages 10.74MB

#BHAS BlackHatEvents

Operation BlackEcho: Voice Phishing using Fake Financial and Vaccine Apps
Speakers: Hyeji Heo, Sungchan Jang
Contributors: Kuyju Kim, Jinyong Byun, Byungwoo Hwang

Speakers

Hyeji Heo
Security researcher at Financial Security Institute (2017)
Master's degree from Chungnam National University (2015-2016)
Responsible for analyzing and responding to Android malicious apps

Sungchan Jang
Security researcher at Financial Security Institute (2019)
Security engineer at NCSOFT (2016-2019)
Responsible for detecting and responding to phishing sites

Contributors

Kuyju Kim
Security researcher at Financial Security Institute
Author of the report "Voice Phishing App Distribution Group Profiling", published by FSI in 2022.

Jinyong Byun
Security researcher at Financial Security Institute

Byungwoo Hwang
Security researcher & Malware analyst at Financial Security Institute

Outline
1. Background
2. Attack Flow
3. Malicious Apps
4. Infrastructure
5. Voice Phishing Scenario
6. Countermeasure
7. Trend
8. Conclusion

1. Background

Understanding Voice Phishing
Voice Phishing (a.k.a. Vishing): A crime where scammers trick people over the phone to get money or personal information.
Voice Phishing in South Korea (last 5 years)
[Chart labels: Financial theme, Government theme. Reference: Korean National Police Agency]
High-value damage cases

Why we did research
Malicious Apps: Malicious apps play a crucial role in voice phishing attacks on smartphone users. These apps intercept and block phone calls, tamper with call screens and call logs.
New Type of Malicious Apps
[Figure labels: Financial theme app (malicious), Financial theme app (malicious), Vaccine theme app (malicious), Financial app (normal), Vacc

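According to the report "Operation BlackEcho: Voice Phishing using Fake Financial and Vaccine Apps", the main content of the full text is summarized as follows:
1. **Attack background**: Voice phishing (vishing) cases have been frequent in South Korea in recent years, and malicious apps play a key role in the attacks.
2. **Attack flow**: Attackers distribute malicious apps through social media and other channels. Once a victim installs one, the app intercepts phone calls, steals information, and controls the victim's device to carry out voice phishing.
3. **Malicious apps**: The malicious apps come in financial and vaccine themes and have functions such as call interception, information theft, and remote control.
4. **Infrastructure**: Attackers use cloud services to hide server locations and hide server addresses in multiple ways.
5. **Voice phishing scenario**: Attackers impersonate financial institutions or government agencies and induce victims to make transfers and similar operations.
6. **Countermeasures**: Users are advised to install security software and be cautious about providing personal information; financial institutions and investigative agencies should share information to prevent malicious apps.
7. **Trend**: Attackers are moving to other phishing businesses, such as SMS phishing and second-hand trading phishing.
8. **Conclusion**: Strengthen security awareness, improve defensive capability, and jointly combat voice phishing crime.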