Beware: Hackers Fuelling Highly Technical WhatsApp E-Challan Scam in India

A sophisticated Android malware campaign led by Vietnamese hackers is targeting Indian users through fake traffic e-challan messages on WhatsApp, according to a recent report by cybersecurity firm CloudSEK. The malware, identified as part of the Wromba family, has already infected over 4,400 devices, and just one scam operator has carried out fraudulent transactions exceeding ₹16 lakh.

How the Scam Works

Scammers are sending fake e-challan messages, impersonating legitimate authorities like Parivahan Sewa or Karnataka Police, and tricking recipients into installing a malicious app. When users click the link in the WhatsApp message, they download a malicious APK disguised as a legitimate application. Upon installation, the malware requests extensive permissions, including access to contacts, phone calls, SMS messages, and the ability to become the default messaging app.
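The permission combination described above can be checked for when triaging an unknown APK. The following is an added example, not code from CloudSEK or the original article; it assumes the APK's manifest has already been decoded to text XML (for instance with apktool), and the sample manifests, package names and verdict labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permission groups named in the article: contacts, phone calls, SMS.
GROUPS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "calls": {"android.permission.CALL_PHONE",
              "android.permission.READ_CALL_LOG",
              "android.permission.READ_PHONE_STATE"},
    "sms": {"android.permission.READ_SMS",
            "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
}
# A receiver for this action is one of the components Android requires
# before an app can be chosen as the default messaging app.
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"

def triage_manifest(xml_text):
    """Return matched permission groups and a verdict for one manifest."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    groups = {g: sorted(requested & p) for g, p in GROUPS.items() if requested & p}
    default_sms = any(a.get(ANDROID + "name") == SMS_DELIVER
                      for r in root.iter("receiver") for a in r.iter("action"))
    if len(groups) == len(GROUPS) and default_sms:
        verdict = "high"      # full combination described in the article
    elif "sms" in groups and (default_sms or len(groups) > 1):
        verdict = "review"    # SMS access plus another sensitive capability
    else:
        verdict = "low"
    return {"groups": groups, "default_sms": default_sms, "verdict": verdict}

# Constructed sample manifests (not taken from any real app).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPICIOUS = f"""<manifest {NS} package="com.example.challan">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application><receiver android:name=".SmsRx"
      android:permission="android.permission.BROADCAST_SMS">
    <intent-filter><action android:name="{SMS_DELIVER}"/></intent-filter>
  </receiver></application>
</manifest>"""
BENIGN = f"""<manifest {NS} package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for name, doc in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, triage_manifest(doc))
```

A "high" verdict only means the manifest matches the pattern reported for this campaign; legitimate messaging apps request the same capabilities, so the result is a prompt for closer inspection rather than a detection on its own.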

Consequences of the Malware

Once installed, the malware performs several malicious activities:

  1. Data Theft: It extracts all contacts to further propagate the scam.

  2. Intercepting OTPs: The malware intercepts OTPs and other sensitive messages, allowing attackers to log into victims' e-commerce accounts.

  3. Financial Fraud: Attackers use intercepted information to purchase and redeem gift cards without leaving traces.

  4. Low-Profile Transactions: By using proxy IPs, attackers avoid detection and keep their transaction profiles low.

Impact and Affected Regions

The scam has led to 271 unique gift card transactions worth ₹16,31,000. Gujarat has been identified as the most affected region, followed by Karnataka.

Recommendations for Protection

CloudSEK urges users to adopt several security best practices to guard against such threats:

By following these precautions, users can significantly reduce the risk of falling victim to such sophisticated scams.

For more detailed information and updates, refer to the original report by CloudSEK and other reliable cybersecurity sources.
