Scammers are spreading fake traffic e-challan messages on WhatsApp. These messages infect the device, leading to fraudulent transactions.
A sophisticated Android malware campaign run by Vietnamese hackers is targeting Indian users through fake traffic e-challan messages on WhatsApp, as reported on Wednesday. Researchers at cybersecurity firm CloudSEK have identified the malware as part of the Wromba family. The malware has already infected more than 4,400 devices and has resulted in fraudulent transactions worth more than Rs 16 lakh by a single scam operator.
How does the scam work?
The scammers send fake e-challan messages that impersonate transport services or Karnataka police and trick people into installing a malicious app. The app not only steals personal information but also facilitates financial fraud. Clicking on the link provided in the WhatsApp message downloads a malicious APK disguised as a legitimate application.
Once installed, the malware requests excessive permissions, including access to contacts, phone calls, SMS messages, and the ability to become the default messaging app. It intercepts OTPs and other sensitive messages, allowing attackers to log into victims’ e-commerce accounts, purchase gift cards, and redeem them without leaving a trace.
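For defenders triaging a sideloaded APK, the permission pattern described above can be checked in the app's manifest. The following is an added example, not code from CloudSEK or from the article; it assumes the manifest has already been decoded to text XML (for instance with apktool), and the function name, grouping and scoring rule are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Permission groups mirroring the access the article lists (SMS, contacts, calls).
GROUPS = {
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "contacts": {P + "READ_CONTACTS"},
    "calls": {P + "CALL_PHONE", P + "READ_CALL_LOG", P + "READ_PHONE_STATE"},
}
# An app must declare a receiver for this action to be eligible as default SMS app.
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"


def triage_manifest(manifest_xml: str) -> dict:
    """Report which of the article's risky capabilities a decoded manifest declares."""
    if "<!DOCTYPE" in manifest_xml:  # manifests carry no DTD; avoid entity tricks
        raise ValueError("unexpected DOCTYPE in manifest")
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    groups = {g: sorted(perms & requested) for g, perms in GROUPS.items()}
    groups = {g: found for g, found in groups.items() if found}
    default_sms = any(
        action.get(ANDROID_NS + "name") == SMS_DELIVER
        for receiver in root.iter("receiver")
        for action in receiver.iter("action")
    )
    # Assumed heuristic: SMS access plus default-handler capability, or SMS
    # access combined with both contacts and call access, warrants review.
    suspicious = "sms" in groups and (default_sms or len(groups) == 3)
    return {"groups": groups, "default_sms_capable": default_sms, "suspicious": suspicious}


# Constructed sample manifest for illustration; not taken from any real APK.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <receiver android:name=".SmsReceiver" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_DELIVER"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
```

Calling `triage_manifest(SAMPLE)` flags the constructed manifest; a hit is a prompt for manual review, since legitimate messaging apps declare the same capabilities.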
Why is it not easy to prevent these frauds?
The attackers use proxy IPs to avoid identification and maintain a low transaction profile. Using the malware, they have gained access to 271 unique gift cards, facilitating transactions worth Rs 16,31,000. The most affected region is Gujarat, followed by Karnataka.
How can you avoid these types of scams?
To avoid such malware threats, users can remain vigilant and adopt security best practices, including installing apps only from trusted sources such as the Google Play Store, limiting app permissions and reviewing them regularly, keeping their systems updated, and enabling alerts for banking and sensitive services.
Vikas Kundu, threat researcher at CloudSEK, commented that “Vietnamese threat actors are targeting Indian users by sharing malicious mobile apps on WhatsApp under the pretext of issuing vehicle challans.”