WhatsApp e-Challan scam: Over 4,400 duped, financial losses exceed ₹16L
Indian smartphone users have been hit by a significant malware attack disguised as traffic e-Challan messages on WhatsApp. The cybersecurity firm CloudSEK revealed the scam, which has reportedly affected over 4,400 devices and resulted in financial losses exceeding ₹16 lakhs. Fraudsters impersonating officials from Parivahan Sewa or Karnataka Police are behind this scam, sending counterfeit traffic fines to trick people into downloading a malicious app linked to the Wromba malware family.
Malicious app steals personal information, enables financial fraud
The malicious app is designed to steal personal information and facilitate financial fraud. According to CloudSEK researchers, attackers send fake traffic fine messages via WhatsApp containing a link. This link downloads a harmful app disguised as a legitimate one. Once installed, the app requests extensive permissions such as access to phone calls, contacts, and SMS messages. These permissions enable the malware to intercept sensitive information and OTPs.
Scammers use sophisticated techniques to avoid detection
The attackers use proxy IPs to avoid detection and keep transactions small so they do not attract attention. To date, they have accessed 271 unique gift cards, with Karnataka and Gujarat being the most affected regions. The malware is technically sophisticated; it hides in the device's settings, making it difficult to detect. Its code is heavily encrypted to evade analysis, and stolen data is sent to Telegram, with additional settings stored in Firebase buckets.
Vietnamese threat actors suspected, CloudSEK provides safety recommendations
The research indicates that the attackers are based in Bac Giang Province in Vietnam. To guard against such threats, CloudSEK recommends using reliable antivirus and anti-malware software, limiting and regularly reviewing app permissions, and only installing apps from trustworthy sources like the Google Play Store.
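The permission review recommended above can be partly automated. The following is an added example, not code from CloudSEK or the original report: it flags apps that were not installed by the Play Store and hold SMS access together with contacts or call permissions, the combination the article describes. The package inventory is a constructed sample in a simplified layout modeled on `adb shell dumpsys package` output, and `com.example.echallan` is a made-up package name.

```python
import re

# Permission groups the article names: SMS, contacts, phone calls.
RISKY = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG"},
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample inventory (assumed layout; real output varies by Android version).
SAMPLE = """\
Package [com.android.chrome] (a1b2c3):
  installerPackageName=com.android.vending
  android.permission.READ_CONTACTS: granted=true
Package [com.example.echallan] (d4e5f6):
  installerPackageName=null
  android.permission.READ_SMS: granted=true
  android.permission.READ_CONTACTS: granted=true
  android.permission.CALL_PHONE: granted=true
Package [com.example.notes] (0f9e8d):
  installerPackageName=null
  android.permission.READ_CONTACTS: granted=true
  android.permission.READ_SMS: granted=false
"""

def parse_packages(text):
    # Returns {package: {"installer": str or None, "granted": set of permissions}}.
    pkgs, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"Package \[([\w.]+)\]", line)
        if header:
            current = pkgs.setdefault(header.group(1), {"installer": None, "granted": set()})
        elif current and line.startswith("installerPackageName="):
            value = line.split("=", 1)[1]
            current["installer"] = None if value == "null" else value
        elif current and line.endswith(": granted=true"):
            current["granted"].add(line.split(":", 1)[0])
    return pkgs

def flag_suspicious(pkgs):
    # Sideloaded app (no trusted installer) holding SMS access plus another risky group.
    findings = {}
    for name, info in pkgs.items():
        groups = sorted(g for g, perms in RISKY.items() if perms & info["granted"])
        sideloaded = info["installer"] not in TRUSTED_INSTALLERS
        if sideloaded and "sms" in groups and len(groups) >= 2:
            findings[name] = groups
    return findings
```

A flagged app is a candidate for manual review, not proof of infection; legitimate sideloaded messaging or dialer apps hold the same permissions.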