Vietnamese hackers target India with fake E-challan. Here’s how


A fake traffic challan scam on WhatsApp tricks users into downloading malware. This malicious app, disguised as a real app, steals personal informatio


A sophisticated Android malware application is targeting Indian users through WhatsApp, according to a report by cybersecurity firm CloudSEK. Vietnamese hackers are exploiting concerns over traffic violations by sending fake e-challan messages impersonating legitimate authorities like Parivahan Sewa or Karnataka Police.

The scam hinges on tricking users into installing a malicious app disguised as a legitimate application. Clicking a link within the WhatsApp message triggers the download of this malware, identified as part of the Wromba family. Once installed, the app requests excessive permissions, including access to contacts, phone calls, SMS messages, and the ability to become the default messaging app.


This access allows the malware to steal personal information and facilitate financial fraud. By intercepting one-time passwords (OTPs) and other sensitive messages, attackers can gain access to victims’ e-commerce accounts. They then exploit this access to purchase gift cards and redeem them anonymously, making it difficult to trace the fraudulent transactions.

Widespread impact and sophisticated techniques

CloudSEK researchers estimate that the malware has infected over 4,400 devices and resulted in fraudulent transactions exceeding 16 lakh by just one scam operator, a report by IANS stated. Furthermore, the malware automatically extracts a user’s contacts to target them for further scams. Additionally, it forwards SMS messages to the attackers, enabling them to potentially bypass two-factor authentication and access various financial applications.


The report also highlights the use of proxy IPs by the attackers to evade detection and maintain a low transaction profile. Gujarat has been identified as the most affected region in India, followed by Karnataka.

Protecting yourself from the scam

CloudSEK recommends several security measures to defend against this malware. First, only install apps from reputable sources like the Google Play Store. Second, be cautious of app permissions and regularly review them to ensure they align with the app’s functionality.

Third, keep your operating system and security software up-to-date to benefit from the latest security patches. Finally, enable alerts for banking and other sensitive services to be notified of any suspicious activity.
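
The permission review recommended above can be partly automated. The sketch below is an added example, not code from CloudSEK or the original report: it checks a decoded (text) AndroidManifest.xml, such as one produced by apktool, for the access the article lists (contacts, phone calls, SMS) and for the ability to become the default SMS app. The triage rule, the function name and both sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Permission groups for the access the article lists: contacts, phone calls, SMS.
RISKY = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
}
# An app eligible to be the default SMS app declares a receiver for this action.
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"


def audit_manifest(manifest_xml):
    """Return the risky permission groups an app requests and whether it can
    become the default SMS app. Input is a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    groups = {g: sorted(requested & p) for g, p in RISKY.items() if requested & p}
    actions = {a.get(A + "name") for r in root.iter("receiver") for a in r.iter("action")}
    default_sms = SMS_DELIVER in actions
    # Triage rule (an assumption of this example): SMS access combined with
    # contacts or call access, or default-SMS capability, needs manual review
    # when the app's stated purpose is not messaging.
    flagged = default_sms or ("sms" in groups and len(groups) > 1)
    return {"groups": groups, "default_sms_capable": default_sms, "flagged": flagged}


# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakechallan">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsReceiver" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, audit_manifest(xml))
```

A flag here is a prompt for manual review, not a verdict: legitimate messaging apps request the same access, so the result only matters when it conflicts with what the app claims to do.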

First Published Date: 18 Jul 2024, 12:39 PM IST
