Date: 2024-07-17

A sophisticated Android malware campaign conducted by Vietnamese hackers is targeting Indian users through fake traffic e-challan messages on WhatsApp, as reported on Wednesday. Researchers from CloudSEK, a cybersecurity firm, have identified the malware as part of the Wromba family. The malware has already infected over 4,400 devices and has resulted in fraudulent transactions exceeding Rs. 16 lakh by a single scam operator.

How does the scam work?

Scammers are sending fake e-challan messages, impersonating the Parivahan Sewa or Karnataka Police, and tricking individuals into installing a malicious app. This app not only steals personal information but also facilitates financial fraud. Clicking the link within the WhatsApp message will prompt the download of a malicious APK disguised as a legitimate application.

Once installed, the malware requests excessive permissions, including access to contacts, phone calls, SMS messages, and the ability to become the default messaging app. It intercepts OTPs and other sensitive messages, allowing attackers to log in to victims' e-commerce accounts, purchase gift cards, and redeem them without leaving a trace.
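
The permission pattern described above can be checked before an app is trusted. The following is an added example, not code from CloudSEK or this article: it reads a decoded, plain-text AndroidManifest.xml and flags the combination of SMS access, eligibility for the default messaging role, and contacts or call access. The two manifests are constructed samples, and the specific permission names are standard Android identifiers chosen here as an assumption, since the article names only the categories.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumption: standard Android permission names mapped to the categories
# the article lists (SMS messages, contacts, phone calls).
RISKY = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG",
              "android.permission.READ_PHONE_STATE"},
}
# An app must handle this action to be eligible as the default SMS app.
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"

def triage_manifest(xml_text):
    """Return the risky permission groups found and an overall flag."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    groups = {g: sorted(p & requested) for g, p in RISKY.items() if p & requested}
    actions = {e.get(ANDROID + "name") for e in root.iter("action")}
    default_sms = SMS_DELIVER in actions
    # Flag the combination, not any single permission on its own.
    suspicious = "sms" in groups and default_sms and len(groups) >= 2
    return {"groups": groups, "default_sms_handler": default_sms,
            "suspicious": suspicious}

# Constructed sample: requests everything the article describes.
SAMPLE_SUSPICIOUS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application><receiver android:name=".SmsReceiver">
    <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/>
    </intent-filter></receiver></application>
</manifest>"""

# Constructed sample: an app that needs only network and location.
SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, triage_manifest(xml))
```

A legitimate messaging app matches the same pattern, so a hit is a reason to check where the app came from, not a verdict on its own.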

Why is it not easy to intercept these frauds?

The attackers use proxy IPs to avoid detection and maintain a low transaction profile. With the use of the malware, they have accessed 271 unique gift cards, facilitating transactions worth Rs 16,31,000. The most affected region has been identified as Gujarat, followed by Karnataka.

How can you avoid such types of scams?

To protect against such malware threats, users can stay vigilant and adopt security best practices, including installing apps only from trusted sources like Google Play Store, limiting app permissions and regularly reviewing them, maintaining updated systems, and enabling alerts for banking and sensitive services.

Vikas Kundu, Threat Researcher at CloudSEK, commented that "Vietnamese threat actors are targeting Indian users by sharing malicious mobile apps under the pretext of issuing vehicle challans on WhatsApp."

