What is the WhatsApp e-challan scam: Vietnamese hackers attack Indians with harmful Android malware

A new cybersecurity threat named Maorrisbot is targeting Android users in India, as reported by CloudSEK. This malware is being spread through fake traffic challan messages on WhatsApp, deceiving people into installing a harmful app.

Here’s how it works: users receive a WhatsApp message that looks like it’s from the ‘Vahan Parivahan’ or Karnataka police, asking them to install an Android app (.apk file) to pay for a traffic challan. Once the app is installed, it hides itself and isn’t visible on the home screen. It then requests extensive permissions, such as access to contacts, SMS messages, and phone calls. After installation, the malware steals contacts, SMS messages, and device information. This stolen data is sent to a Telegram bot controlled by the attackers, who use it to make financial transactions like purchasing gift cards with the victims’ accounts.

Once installed, Maorrisbot connects to a misconfigured Firebase bucket and a Telegram bot, sending stolen data to these servers. The malware can cause significant harm by putting your contacts, messages, and device information at risk. Attackers can intercept OTPs and make unauthorized transactions, leading to financial losses and continuous invasion of your privacy as the malware monitors your SMS messages.

According to the CloudSEK report, most victims are from Gujarat and Karnataka, primarily using Jio and Airtel services. Over 4,400 devices have been infected, and attackers have stolen over ₹16 lakh through fraudulent transactions.

 

How to Protect Yourself

To protect yourself from such threats:

  1. Review and Limit App Permissions: Regularly check app permissions and limit them to only what is necessary.
  2. Download from Trusted Sources: Only download apps from the Google Play Store or other trusted sources.
  3. Update Regularly: Ensure your phone and apps are updated with the latest security patches.
  4. Be Alert: Watch for any suspicious SMS activity and enable alerts for financial transactions.
  5. Educate Yourself: Learn to recognize phishing attempts and be cautious of messages from unknown sources.

By following these steps and staying vigilant, you can protect your personal information and financial data from Maorrisbot and similar malware. Always be cautious of messages asking you to install apps or provide personal information.