Indian users are falling prey to a sophisticated scam involving fake e-challans delivered through WhatsApp, warns a recent report by CloudSEK, a leading cybersecurity firm. According to the report, scammers from a Vietnamese hacker group are orchestrating the scheme to steal personal data and money from unsuspecting victims.
The Modus Operandi
The scam begins with users receiving messages purportedly from Parivahan Sewa or Karnataka Police, issuing fake traffic violation fines. These messages contain links that, once clicked, prompt the download of a malicious Android application package (APK). Once installed, the malicious app requests extensive permissions, including access to contacts, SMS messages, and the ability to manipulate default messaging settings.
The Consequences
The malware, identified as part of the Wromba family, has already infected more than 4,400 devices nationwide. It operates by intercepting sensitive information like one-time passwords (OTPs), enabling hackers to compromise victims’ e-commerce accounts. Fraudulent transactions, primarily involving gift card purchases, have resulted in losses exceeding ₹ 16 lakhs.
Impact and Detection Challenges
Although users across India have been affected, Gujarat and Karnataka have reported the highest number of victims. The perpetrators, located in Báºïc Giang Province, Vietnam, use proxy IPs to evade detection, complicating law enforcement efforts.
Protecting Yourself
Vikas Kundu from CloudSEK emphasises the importance of proactive security measures:
- Use Antivirus Software: Install reputable antivirus and anti-malware software on your devices.
- Review App Permissions: Regularly audit and restrict app permissions to minimise exposure.
- Download from Trusted Sources: Only download applications from official sources like the Google Play Store.
- Keep Software Updated: Ensure your device’s operating system and apps are regularly updated to patch vulnerabilities.
- Monitor SMS Activity: Employ tools that monitor and alert you to suspicious SMS activity.
- Enable Account Alerts: Set up notifications for banking and other critical services to detect unauthorised access.
- Promote Awareness: Educate yourself and others about the risks associated with unverified apps and phishing attempts.
By adopting these proactive measures, individuals can significantly mitigate the risk of falling victim to such sophisticated cyber threats. Stay vigilant and informed to safeguard your personal information from malicious actors.