New Tactics Unveiled at Black Hat Asia

At the recent Black Hat Asia 2025 conference in Singapore, cybersecurity experts highlighted the growing sophistication of voice phishing scams, particularly those leveraging fake financial applications. The conference, a leading event for security professionals since 1997, served as a platform to dissect emerging threats and share defensive strategies.

Multi-Layered Attacks: How Criminals Operate

the Financial Security Agency (FSA) revealed findings from an analysis of approximately 900 malicious apps, exposing a complex, multi-tiered attack structure employed by criminal organizations. These groups lure victims through social media with enticing offers like low-interest loans or government assistance programs. The catch? Victims are directed to install fraudulent finance and even “vaccine” apps.

Criminal organizations are taking a multi -level attack structure that allows the victims to install fake finance apps and vaccine apps to attract victims by posting low interest rate loans or policy support promotions on social networking services (SNS).

Financial Security Control Center

This approach allows criminals to harvest sensitive financial data directly from the victim’s device. The FSA’s research, presented by hur Hye-ji and jang Sung-chan, head of the financial Security control Center, at Black hat Asia, detailed the attack scenarios observed in the wild.

Technical sophistication: Obfuscation and Encryption

The FSA’s analysis also uncovered the advanced technical measures used by these criminal groups. Attackers are now segregating thier infrastructure, using separate servers for malicious app distribution and command and control (C&C) operations. Furthermore, they employ app obfuscation and encryption techniques to evade detection by security software and law enforcement.

This mirrors a broader trend in cybercrime, where attackers are constantly refining their methods to stay ahead of security measures.According to a recent report by Cybersecurity Ventures, cybercrime is projected to cost the world $10.5 trillion annually by 2025, highlighting the urgent need for enhanced security measures.

Beyond Voice Phishing: A Broader Threat Landscape

Park Sang-won, director of the Financial Security agency, emphasized that electronic financial fraud is no longer limited to conventional voice phishing. Smishing (SMS phishing) and other forms of phishing are increasingly prevalent, demanding heightened vigilance from financial consumers.

It is indeed very meaningful to share the analysis results in Black Hat Asia, where experts gathered.

Park Sang-won, director of the Financial Security Agency

The FSA stressed the importance of details sharing and collaboration among relevant organizations to strengthen the overall response system. This collaborative approach is crucial to effectively combat the evolving threat landscape and protect consumers from financial fraud.

Protecting yourself: Key Takeaways

to protect yourself from these evolving threats, consider the following:

• Be skeptical of unsolicited offers, especially those promising unusually low interest rates or government assistance.
• Verify the legitimacy of any financial app before installing it.Download apps only from official app stores.
• Enable multi-factor authentication for all your financial accounts.
• Regularly review your bank statements and credit reports for any unauthorized activity.
• Report any suspected phishing attempts to your financial institution and the authorities.