KBS reported that malicious mobile apps used in voice-phishing schemes against South Koreans were linked by government authorities to a North Korean IT organization member selling the tools to Chinese criminal groups. The demonstration video showed an operator installing and managing the app, granting permissions, recording data, and manipulating how incoming caller numbers appeared on an infected phone. The app could make calls from China appear as if they came from Korean financial institutions and could intercept a victim’s attempted verification call by routing it back to a phishing call center. Investigators assessed that Korean-language interfaces and North Korean speech patterns in the video supported the view that South Korean users were the primary targets.