Indian smartphone users are falling prey to a sophisticated Android malware campaign run by Vietnamese hackers, who are using fake traffic e-challan messages on WhatsApp to gain access to devices. Gujarat has been identified as the most affected region, followed by Karnataka. This alarming trend was highlighted in a report by cybersecurity firm CloudSEK, as reported by PTI.
The malware, identified as part of the Wromba family, has already infected more than 4,400 devices, leading to fraudulent transactions totaling over Rs 16 lakh.
The scammers send deceptive e-challan messages, pretending to be from Parivahan Sewa or Karnataka Police, urging recipients to install a malicious app. This app, once installed, not only steals personal information but also enables financial fraud.
How the Scam Works
WhatsApp Message: The process begins with a seemingly urgent WhatsApp message containing a link.
Malicious APK Download: Clicking this link downloads a malicious APK, disguised as a legitimate application.
Permission Requests: The malware then requests extensive permissions, including access to contacts, phone calls, SMS messages, and the ability to become the default messaging app.
Data Interception: These permissions allow the malware to intercept OTPs and other sensitive messages, enabling the attackers to access victims' e-commerce accounts, purchase gift cards, and redeem them stealthily.
Safety Tips to Protect Against E-challan Scams
Install Apps from Trusted Sources: Only download apps from the Google Play Store or other reputable sources.
Limit App Permissions: Be cautious about the permissions you grant to apps. Regularly review and restrict app permissions.
Keep Systems Updated: Ensure your smartphone’s operating system and apps are up-to-date to protect against vulnerabilities.
Enable Alerts: Set up alerts for banking and other sensitive services to monitor unauthorized transactions.
Verify Details Before Paying Fines: Genuine e-challans will include specific information like your vehicle registration number and the exact violation.
Use Official Channels: Visit traffic authority websites directly rather than clicking on links in messages. Legitimate Indian government websites typically use the ".gov.in" domain.
Report Scams: Report suspected scams to authorities to help prevent others from becoming victims.
By following these safety tips, you can protect yourself from falling victim to e-challan scams and other malware threats.
Also Read: