WhatsApp e-challan scam in India
A new cybersecurity threat named Maorrisbot is targeting Android users in India. This malware spreads through fraudulent traffic challan messages on WhatsApp, deceiving users into installing a malicious app. According to a report by CloudSEK, the app steals contacts, SMS messages, and device information, resulting in financial losses.
Vietnamese threat actors are targeting Indian users by sharing malicious mobile apps on WhatsApp on the pretext of issuing a vehicle challan.
How does the scam work?
Victims receive a WhatsApp message that appears to be a traffic challan from ‘Vahan Parivahan’ or Karnataka police. The message urges them to install an Android app (.apk file) to settle the payment. Once installed, the app becomes hidden from the home screen and requests extensive permissions, including access to contacts, SMS messages, and phone calls. The malware then steals this information and sends it to a Telegram bot managed by the attackers. The stolen data is used to make unauthorized financial transactions, such as purchasing gift cards, from the victims’ accounts.
Maorrisbot connects to a misconfigured Firebase bucket and a Telegram bot, sending the stolen data to these servers. This malware poses a serious threat by compromising personal information, intercepting OTPs, and enabling unauthorized transactions, leading to potential financial losses and ongoing privacy invasions.
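The behaviour described above (SMS, contacts and call access combined with no home-screen icon) can be checked statically in an APK's decoded manifest. The following is an added example, not code from the CloudSEK report or from the malware; the package names, sample manifests and the "high/review/ok" scoring are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
LAUNCH = {"android.intent.action.MAIN", "android.intent.category.LAUNCHER"}
# Permission groups matching the access the article says the app requests.
GROUPS = {
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "contacts": {"READ_CONTACTS"},
    "calls": {"READ_CALL_LOG", "CALL_PHONE", "READ_PHONE_STATE"},
}

def has_launcher(root):
    """True if any intent filter is a MAIN/LAUNCHER (home-screen) entry."""
    for flt in root.iter("intent-filter"):
        names = {el.get(NS + "name") for el in flt}
        if LAUNCH <= names:
            return True
    return False

def triage_manifest(xml_text):
    """Summarise a decoded AndroidManifest.xml for e-challan-style lures."""
    root = ET.fromstring(xml_text)
    wanted = {el.get(NS + "name", "").rsplit(".", 1)[-1]
              for el in root.iter("uses-permission")}
    groups = sorted(g for g, perms in GROUPS.items() if perms & wanted)
    launcher = has_launcher(root)
    if len(groups) == 3 and not launcher:
        verdict = "high"      # SMS + contacts + calls and no launcher entry
    elif "sms" in groups and len(groups) >= 2:
        verdict = "review"    # could be a legitimate messaging or dialer app
    else:
        verdict = "ok"
    return {"package": root.get("package"), "groups": groups,
            "has_launcher": launcher, "verdict": verdict}

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.challanpay">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application><service android:name=".Sync"/></application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".Main"><intent-filter>
    <action android:name="android.intent.action.MAIN"/><category android:name="android.intent.category.LAUNCHER"/>
  </intent-filter></activity></application>
</manifest>"""
```

A missing launcher entry is only a static hint: an app can also hide its icon at runtime, which a manifest check does not see.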
What is the impact?
According to the CloudSEK report, most of the victims are from Gujarat and Karnataka, with a majority using Jio and Airtel services. More than 4,400 devices have been infected, and attackers have stolen over ₹16 lakh through fraudulent transactions.
Why is it not easy to intercept these frauds?
The attackers use proxy IPs to avoid detection and keep their transaction profile low. With the malware, they have accessed 271 unique gift cards and carried out transactions worth Rs 16,31,000. Gujarat is the most affected region, with Karnataka also significantly impacted.
How to protect yourself from the WhatsApp e-challan scam
To protect yourself from such threats:
- Regularly review and limit app permissions to only what is necessary.
- Download apps exclusively from the Google Play Store or other trusted sources.
- Make sure your phone and apps are updated with the latest security patches.
- Be vigilant for any suspicious SMS activity and set up alerts for financial transactions.
- Learn to recognize phishing attempts and be cautious with messages from unknown sources.
By following these steps and staying vigilant, you can safeguard your personal information and financial data from Maorrisbot and similar malware. Always be cautious of messages requesting you to install apps or provide personal information.
FAQs
How does the Maorrisbot scam work?
Victims receive a WhatsApp message that appears to be a traffic challan from ‘Vahan Parivahan’ or Karnataka police. The message instructs them to install an Android app (.apk file) to pay the challan. Once the app is installed, it hides itself from the home screen and requests extensive permissions, such as access to contacts, SMS messages, and phone calls. The malware then steals this data and sends it to a Telegram bot managed by the attackers. The stolen information is used to make unauthorized financial transactions, like purchasing gift cards.
What is the impact of Maorrisbot?
The CloudSEK report indicates that most victims are from Gujarat and Karnataka, with many using Jio and Airtel services. Over 4,400 devices have been infected, and the attackers have stolen more than ₹16 lakh through fraudulent transactions. The malware’s impact is particularly severe in Gujarat, followed by Karnataka.
Why is it difficult to detect and intercept these frauds?
The attackers use proxy IPs to avoid detection and maintain a low transaction profile. They have accessed 271 unique gift cards and conducted transactions totaling Rs 16,31,000. The use of proxy IPs and the ability to keep their transaction profile low make it challenging for authorities to trace and intercept these fraudulent activities.
How can I protect myself from the WhatsApp e-challan scam?
To protect yourself, regularly review and limit app permissions to what is absolutely necessary. Download apps only from the Google Play Store or other trusted sources. Ensure your phone and apps are updated with the latest security patches. Stay alert for suspicious SMS activity and set up alerts for financial transactions. Learn to recognize phishing attempts and be cautious with messages from unknown sources.
What should I do if I suspect I’ve been affected by Maorrisbot?
If you suspect that you’ve been affected by Maorrisbot, immediately uninstall any suspicious apps and run a security scan on your device. Change your passwords and monitor your financial accounts for any unauthorized transactions. Contact your bank or financial institution to report any suspicious activity. Additionally, consider reporting the incident to local authorities to help prevent further attacks.
Conclusion
Maorrisbot poses a serious threat to Android users in India, using fake traffic challan messages to spread malware and steal sensitive data. With over 4,400 devices affected and significant financial losses, the impact is severe, especially in Gujarat and Karnataka. To protect yourself, limit app permissions, download apps only from trusted sources, and keep your device updated. Stay vigilant and cautious of suspicious messages to safeguard your personal and financial information.