All You Need To Know About The WhatsApp E-Challan Scam Targeting Indian Users
A sophisticated Android malware campaign orchestrated by Vietnamese hackers is targeting Indian users through counterfeit traffic e-challan messages on WhatsApp, according to a report released on Wednesday.
Cybersecurity firm CloudSEK's researchers identified the malware as a member of the Wromba family. So far it has compromised over 4,400 devices and facilitated fraudulent transactions totalling more than Rs. 16 lakh, all attributed to a single scam operator.
"Vietnamese cybercriminals are deceiving Indian users by distributing malicious mobile apps under the guise of vehicle challan issuance on WhatsApp," said Vikas Kundu, Threat Researcher at CloudSEK.
The scammers impersonate the Parivahan Sewa or Karnataka Police in fake e-challan messages, tricking recipients into downloading a malicious app. This app then harvests personal data and enables financial fraud.
WhatsApp E-Challan Scam – Modus Operandi
Clicking the link in the WhatsApp message downloads a malicious APK masquerading as a legitimate app. On installation, the malware requests extensive permissions, including access to contacts, phone calls and SMS messages, and asks to be set as the device's default messaging app. That last request matters: Android delivers incoming SMS to the default messaging app first, so an app holding that role sees every message, including one-time passwords, before the user does.
The malware intercepts OTPs and other sensitive messages, allowing attackers to access victims' e-commerce accounts, purchase gift cards, and redeem them undetected.
Kundu noted that once installed, the app extracts all contacts to extend the scam to more users.
Additionally, the malware forwards all SMS messages to the attackers, giving them the OTPs needed to log in to the victim's e-commerce and financial apps.
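The permission pattern described in this section (SMS and contact access combined with a bid to become the default SMS handler) is something an analyst can check for directly in a decoded AndroidManifest.xml. The script below is an added example, not code from CloudSEK or from the report: it triages a manifest for that combination. The two manifests embedded in it are constructed for illustration, and the risk weights are assumptions chosen to rank the combination above any single permission on its own.

```python
"""Triage a decoded AndroidManifest.xml (e.g. from apktool) for the
permission set used by OTP-stealing SMS malware.

Added example, not CloudSEK's code. Sample manifests are constructed;
risk weights are assumptions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # attribute key for android:name

# Runtime permissions that let an app read OTPs and harvest contacts.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
CONTACT_PERMS = {"android.permission.READ_CONTACTS"}
EXFIL_PERMS = {"android.permission.INTERNET"}

# Intent actions an app must declare to be eligible as the default SMS app.
DEFAULT_SMS_ACTIONS = {
    "android.provider.Telephony.SMS_DELIVER",
    "android.provider.Telephony.WAP_PUSH_DELIVER",
    "android.intent.action.RESPOND_VIA_MESSAGE",
}


def triage_manifest(manifest_xml: str) -> dict:
    """Return the sensitive permissions, default-SMS intent actions,
    an assumed risk score and a verdict for one manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    actions = {a.get(NAME) for a in root.iter("action")}

    sms_role = sorted(actions & DEFAULT_SMS_ACTIONS)
    score = 0
    if sms_role:                      # wants to receive SMS before other apps
        score += 3
    if perms & SMS_PERMS:             # can read OTPs
        score += 2
    if perms & CONTACT_PERMS:         # can spread to the victim's contacts
        score += 1
    if perms & EXFIL_PERMS and (sms_role or perms & SMS_PERMS):
        score += 1                    # network access to forward what it reads

    return {
        "sensitive_permissions": sorted(perms & (SMS_PERMS | CONTACT_PERMS)),
        "default_sms_actions": sms_role,
        "score": score,
        "verdict": "high" if score >= 5 else "medium" if score >= 3 else "low",
    }


# Constructed manifest mimicking the behaviour described in the article.
SUSPECT_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.challan">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".SmsReceiver"
              android:permission="android.permission.BROADCAST_SMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_DELIVER"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".MmsReceiver"
              android:permission="android.permission.BROADCAST_WAP_PUSH">
      <intent-filter>
        <action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/>
      </intent-filter>
    </receiver>
    <service android:name=".RespondService">
      <intent-filter>
        <action android:name="android.intent.action.RESPOND_VIA_MESSAGE"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed manifest for an ordinary app with no SMS or contact access.
BENIGN_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""


if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage_manifest(xml))
```

Run it against `AndroidManifest.xml` from an `apktool d` output directory by reading the file into `triage_manifest`. A high verdict is a reason to look further, not proof of malice, since legitimate messaging apps declare the same default-SMS intent filters; what separates the malware here is that a "challan" app has no reason to hold that role.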
The attackers route their activity through proxy IPs to evade detection and keep each transaction small enough to avoid triggering alerts.
According to the report, the malware has been used to obtain 271 unique gift cards and conduct transactions amounting to Rs. 16,31,000.
Gujarat has been identified as the most impacted region, followed by Karnataka.
To safeguard against such malware, CloudSEK advises users to remain vigilant, install apps only from trusted sources such as the Google Play Store, grant apps the minimum permissions they need and review those permissions regularly, keep the operating system and apps updated, and enable transaction alerts for banking and other sensitive services.