This new platform uses AI-powered calls to start big attacks.
Hackers are using artificial intelligence more and more to attack. In this context, we will look at a new platform for voice vishing, which is a way to attack people by making fake calls. The voice is made by AI programs, which automates the whole process. This is different from other attacks of this kind. This helps them reach a lot more people.
These fully automated voice phishing attacks use social engineering. They typically attempt to trick the victim into performing a specific action, such as providing personal information, downloading a file, or adjusting system settings. They usually claim there is a problem with the account, device, or something else.
This malicious platform, called ATHR, was discovered by security researchers at Abnormal, a cloud-based email security company, as detailed in their April 16th post. It is a complete generator for phishing and voice phishing attacks. The platform provides customized email templates for specific brands, meticulously crafted using various impersonation techniques to make the message appear to originate from a trusted source.
Security researchers have noted that ATHR is compatible with popular online services such as Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL. Therefore, if you have an account on any of these platforms, which is highly likely, you should be cautious. This malicious platform is advertised on dark web forums for $4,000 USD (approximately €3,480 at the current exchange rate) plus a 10% commission on profits.
But how does this attack work? First, the victim receives an email. This email is designed to bypass common security checks or technical authentication procedures. The trick usually involves a fake security alert or a notification that makes the victim believe there is an urgent need. This alert includes a phone number that the victim is asked to call.
Upon initiating the call, the victim is redirected through the Asterisk and WebRTC systems to AI agents who follow a series of instructions to guide them through the data theft process. Everything is meticulously designed to appear legitimate and gain the victim's trust. They can then request codes, sent via email, to control accounts and applications, steal data and money, and more.
How to act
Undoubtedly, the most important thing is to use common sense. If you receive an email like this, indicating a problem and urging you to call a phone number, be wary. Carefully check the website address, the domain name, and the message itself. If you have any doubts, you can always contact the company through its official channels.
It's also essential to protect your device well. Make sure you install the latest updates to patch any security vulnerabilities and prevent attackers from exploiting them. This will protect you from many attacks, and it's a procedure that should be followed on all your devices.
Furthermore, having a good security program is essential. This will enable you to detect and eliminate threats that could compromise your online security.
In short, beware of this type of malicious campaign, which may use artificial intelligence to generate calls and steal data or passwords. Always protect your device and avoid mistakes.