In short: A WhatsApp scam involving a malicious app disguised as a traffic fine notification has duped over 4,400 people, causing financial losses exceeding ₹16L.

Scam reportedly originates from Bac Giang Province in Vietnam

WhatsApp e-Challan scam: Over 4,400 duped, financial losses exceed ₹16L

By Akash Pandey 05:48 pm Jul 22, 2024

What's the story

Indian smartphone users have been hit by a significant malware attack disguised as traffic e-Challan messages on WhatsApp. The cybersecurity firm CloudSEK revealed the scam, which has reportedly affected over 4,400 devices and resulted in financial losses exceeding ₹16 lakhs. Fraudsters impersonating officials from Parivahan Sewa or Karnataka Police are behind this scam, sending counterfeit traffic fines to trick people into downloading a malicious app linked to the Wromba malware family.

Scam mechanics

Malicious app steals personal information, enables financial fraud

The malicious app is designed to steal personal information and facilitate financial fraud. According to CloudSEK researchers, attackers send fake traffic fine messages via WhatsApp containing a link. This link downloads a harmful app disguised as a legitimate one. Once installed, the app requests extensive permissions such as access to phone calls, contacts, and SMS messages. These permissions enable the malware to intercept sensitive information and OTPs.

Evasion tactics

Scammers use sophisticated techniques to avoid detection

The attackers use proxy IPs to avoid detection and keep transactions small to avoid attracting attention. To date, they have accessed 271 unique gift cards, with Karnataka and Gujarat being the most affected regions. The malware is technically sophisticated; it hides in the device's settings, making it difficult to detect. Its code is heavily encrypted to evade analysis, and stolen data is sent to Telegram, with additional settings stored in Firebase buckets.

Information

Vietnamese threat actors suspected, CloudSEK provides safety recommendations

The research indicates that the attackers are based in Bac Giang Province in Vietnam. To guard against such threats, CloudSEK recommends using reliable antivirus and anti-malware software, limiting and regularly reviewing app permissions, and only installing apps from trustworthy sources like Google Play Store.
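The permission review recommended above can be partly automated. The following Python code is an added example, not from CloudSEK or this article: it parses package listings in the style of `adb shell dumpsys package` and flags apps not installed by the Play Store that hold SMS, contacts and call permissions together, the combination described under "Scam mechanics". The sample text, package names and the permissions chosen for each group are constructed assumptions; real `dumpsys` output has more fields and varies by Android version.

```python
import re

# Permission groups the article says the fake e-Challan app requests.
# Which permissions represent each group is an assumption of this example.
RISKY = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "calls": {"android.permission.READ_PHONE_STATE", "android.permission.READ_CALL_LOG"},
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample, simplified from the layout of `adb shell dumpsys package`.
SAMPLE = """\
Package [com.example.messenger] (1a2b3c):
  installerPackageName=com.android.vending
  runtime permissions:
    android.permission.READ_SMS: granted=true
    android.permission.READ_CONTACTS: granted=true
Package [com.example.echallan] (4d5e6f):
  installerPackageName=null
  runtime permissions:
    android.permission.RECEIVE_SMS: granted=true
    android.permission.READ_CONTACTS: granted=true
    android.permission.READ_PHONE_STATE: granted=true
    android.permission.CAMERA: granted=false
"""

def parse_packages(text):
    """Return {package: {"installer": str or None, "granted": set of permissions}}."""
    pkgs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Package \[([\w.]+)\]", line):
            current = pkgs.setdefault(m.group(1), {"installer": None, "granted": set()})
        elif current and (m := re.match(r"installerPackageName=(\S+)", line)):
            current["installer"] = None if m.group(1) == "null" else m.group(1)
        elif current and (m := re.match(r"(android\.permission\.\w+): granted=true", line)):
            current["granted"].add(m.group(1))
    return pkgs

def flag_suspicious(text):
    """Sideloaded packages holding SMS + contacts + call permissions together."""
    flagged = {}
    for name, info in parse_packages(text).items():
        groups = sorted(g for g, perms in RISKY.items() if perms & info["granted"])
        if info["installer"] not in TRUSTED_INSTALLERS and len(groups) == len(RISKY):
            flagged[name] = groups
    return flagged
```

A flagged package is a candidate for manual review, not proof of malware; legitimate sideloaded apps can hold the same permissions.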