Beware: Android Malware Targets Indian Users via Fake WhatsApp E-Challan Scam
News Mania Desk/Agnibeena Ghosh/18th July 2024
A sophisticated Android malware campaign originating from Vietnam has been identified targeting Indian users through deceptive WhatsApp messages offering fake traffic e-challans, as reported recently.
CloudSEK, a cybersecurity firm, revealed that the malware, identified as part of the Wromba family, has already infected over 4,400 devices in India. The attackers have managed to execute fraudulent transactions exceeding Rs. 16 lakh through this malicious scheme.
According to Vikas Kundu, a Threat Researcher at CloudSEK, the threat actors are distributing malicious mobile apps under the guise of issuing vehicle challans through WhatsApp. These apps impersonate official channels like Parivahan Sewa or Karnataka Police, tricking unsuspecting users into downloading them.
Once installed, the malicious app requests extensive permissions, including access to contacts, SMS messages, phone calls, and the capability to control messaging applications. This allows the malware to intercept OTPs (One-Time Passwords) and other sensitive information, facilitating unauthorized access to victims’ e-commerce accounts.
Kundu emphasized that the malware also harvests contacts from infected devices to expand its reach and forwards all incoming SMS messages to the threat actors. This enables them to gain unauthorized access to various financial and e-commerce platforms associated with the victim.
To evade detection, the attackers utilize proxy IPs and maintain a low-profile transaction history, making it challenging to trace their activities. The report highlighted that the attackers have exploited the malware to access 271 unique gift cards, conducting transactions totaling Rs. 16,31,000.
The states most affected by this Android malware campaign include Gujarat and Karnataka, where a significant number of devices have fallen victim to the scam.
CloudSEK has issued guidelines to help users protect themselves against such threats. They advise users to exercise caution and adhere to security best practices such as:
- Downloading Apps from Trusted Sources: Only install applications from reputable sources like the Google Play Store to mitigate the risk of downloading malicious software.
- Limiting App Permissions: Review and restrict app permissions to minimize the likelihood of unauthorized access to sensitive data.
- Keeping Systems Updated: Regularly update operating systems and applications to patch vulnerabilities that could be exploited by malware.
- Enabling Alerts: Enable notifications for transactions and sensitive services to monitor and detect any unauthorized access promptly.
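The first two guidelines can be checked mechanically on managed devices. The following is an added example, not part of the original article or the CloudSEK report: it triages an app inventory for the pattern described above, an app installed from outside Google Play that can read incoming SMS and also reach contacts or calls. The inventory format and the package names are constructed assumptions; the permission strings and the Play Store installer name are standard Android identifiers.

```python
import json

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
P = "android.permission."
SMS_READ = {P + "READ_SMS", P + "RECEIVE_SMS"}   # enough to see incoming OTPs
SPREAD = {P + "READ_CONTACTS", P + "SEND_SMS"}   # harvest contacts / message them
CALLS = {P + "CALL_PHONE", P + "READ_CALL_LOG"}

# Constructed sample inventory (hypothetical export format and package names).
SAMPLE_INVENTORY = json.loads("""
[
 {"package": "com.example.echallan", "installer": null,
  "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                  "android.permission.READ_CONTACTS", "android.permission.CALL_PHONE",
                  "android.permission.INTERNET"]},
 {"package": "com.example.messenger", "installer": "com.android.vending",
  "permissions": ["android.permission.READ_SMS", "android.permission.READ_CONTACTS",
                  "android.permission.INTERNET"]},
 {"package": "com.example.torch", "installer": null,
  "permissions": ["android.permission.CAMERA"]}
]
""")

def triage(app):
    """Return (verdict, reasons) for one inventory record."""
    perms = set(app.get("permissions", []))
    sideloaded = app.get("installer") != PLAY_STORE
    reasons = []
    if sideloaded:
        reasons.append("not installed from Google Play")
    if perms & SMS_READ:
        reasons.append("can read incoming SMS (OTPs)")
    if perms & SPREAD:
        reasons.append("can read contacts or send SMS")
    if perms & CALLS:
        reasons.append("can place calls or read call log")
    can_read_sms = bool(perms & SMS_READ)
    # Sideloaded + SMS access + contacts/calls matches the behaviour in the report.
    if sideloaded and can_read_sms and perms & (SPREAD | CALLS):
        return "block", reasons
    if can_read_sms:
        return "review", reasons
    return "ok", reasons

def audit(inventory):
    """Map each package name to its verdict."""
    return {app["package"]: triage(app)[0] for app in inventory}

if __name__ == "__main__":
    for app in SAMPLE_INVENTORY:
        verdict, reasons = triage(app)
        print(f"{verdict:6} {app['package']}: {'; '.join(reasons) or 'nothing notable'}")
```

A "review" verdict is expected for legitimate messaging apps from the Play Store; the point of the split is that SMS access alone is common, while the sideloaded combination is not.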
In conclusion, while cybersecurity threats like this Android malware campaign continue to evolve, staying informed and adopting proactive security measures remains crucial in safeguarding personal and financial information against such malicious activities. Vigilance and awareness are key to mitigating risks posed by cyber threats in today’s digital landscape.