Our dependence on social media and the internet is growing by the day. Scammers across the world are using this dependence for their own benefit. A new cyber scam has emerged, and it is particularly targeting Android users. The scam is being played out via WhatsApp and is related to vehicular challans. Let me tell you more about it.
WhatsApp e-Challan scams are targeting Android users in India. A report by CloudSEK reveals the same. For this scam, hackers are using a sophisticated malware called Maorrisbot. It is mostly used by hackers based out of Vietnam.
So the fraudsters impersonate Indian traffic authorities, like Parivahan Sewa or Karnataka Police. Then they use WhatsApp to send messages to targets. The messages claim that the user owes a challan for a traffic violation. Now, the message also includes a fake e-Challan notice along with a malicious URL or an APK file attachment.
Most users feel that these messages are legit and end up clicking on the link or downloading the APK file to clear off their challans. Once they do that, Maorrisbot malware is installed on their devices. The malware acts like a proper app and doesn’t seem fishy. It then requests for various permissions, including access to contacts, phone calls, SMS, and even to become the default messaging app.
If users give these permissions to the app, then it can read users’ OTPs other sensitive messages, and personal data. With this, scammers can easily access users’ bank accounts and all without being caught.
As per the CloudSEK report, these scammers maintain a low transaction profile and use proxy IPs to avoid being traced. Investigations have traced the hackers’ IP address to Bắc Giang Province in Vietnam. Further, the report revealed that 4,451 devices have been compromised by Maorrisbot.
Scammers have stolen over Rs 16 lakh rupees and Gujarat and Karnataka are the most affected regions.
