https://www-indiatoday-in.cdn.ampproject.org/v/...
In Short
Scammers send fake e-challan messages pretending to be from Parivahan Sewa or Karnataka Police
The malware, part of the Wromba family, has infected over 4,400 devices
Gujarat has the highest number of victims, followed by Karnataka
Have you also received e-challan on WhatsApp? If you have, don’t rush to pay the fine as it could be a trap laid by hackers to syphon off your hard-earned money. A recent report by CloudSEK, a top cybersecurity firm, has revealed a worrying trend. Scammers from a Vietnamese hacker group are targeting Indian users with fake e-challan messages on WhatsApp. These messages trick recipients into downloading a malicious app, leading to personal data theft and financial fraud.
How the Scam Works
The scammers send messages pretending to be from the Parivahan Sewa or Karnataka Police, issuing fake traffic violation fines. When users click on the provided link, it prompts the download of a malicious APK (Android application package). This app, once installed, asks for numerous permissions such as access to contacts, phone calls, SMS messages, and even the ability to become the default messaging app.
The Damage Done
This malware, part of the Wromba family, has already infected over 4,400 devices. It intercepts one-time passwords (OTPs) and other sensitive messages, allowing the hackers to access victims' e-commerce accounts. They then purchase gift cards and redeem them, leaving no trace of direct fund transfers. So far, these fraudulent transactions have amounted to over Rs. 16 lakhs.
Who is affected?
While the scam has impacted users across India, Gujarat has seen the highest number of victims, followed by Karnataka. The attackers, identified as being from Báºïc Giang Province in Vietnam, use proxy IPs to avoid detection, making their operations harder to trace.
Protecting Yourself
To avoid falling victim to such scams, consider these tips:
--Use Antivirus Software: Keep reputable antivirus and anti-malware software installed on your device.
--Review App Permissions: Regularly check and limit app permissions.
--Install Trusted Apps: Only download apps from official sources like the Google Play Store.
--Stay Updated: Ensure your device’s operating system and apps are up to date.
--Monitor SMS Activity: Use tools to detect and alert you to suspicious SMS activity.
--Enable Account Alerts: Set up alerts for banking and other sensitive services.
Raise Awareness: Educate yourself and others about the risks of unverified apps and phishing attempts.
By adopting these security practices, you can significantly reduce the risk of infection and protect your personal information from malicious actors. Stay alert and cautious to safeguard against such sophisticated cyber threats.
Maybe useful article.
VU+ for the nice awareness for many to get aware of :) good to learn this on timely way:) before getting trapped:)
2
