A highly technical Android malware campaign orchestrated by Vietnamese hackers is currently targeting Indian users via fake traffic e-challan messages on WhatsApp. Researchers from CloudSEK, a cybersecurity firm, have identified this malware as part of the Wromba family. So far, it has infected over 4,400 devices, resulting in fraudulent transactions amounting to more than ₹16 lakh by just one scam operator.
Vikas Kundu, a threat researcher at CloudSEK, reported that these scammers send messages impersonating Parivahan Sewa or Karnataka Police, tricking recipients into downloading a malicious app. Once the link in the WhatsApp message is clicked, it leads to the download of a harmful APK disguised as a legitimate application. This malware then requests excessive permissions, including access to contacts, phone calls, SMS messages, and even the ability to become the default messaging app. By intercepting OTPs and other sensitive messages, the attackers can log into victims’ e-commerce accounts, purchase gift cards, and redeem them undetected.
Kundu explained that once the app is installed, it extracts all contacts from the infected device, enabling the scam to propagate further. Additionally, all SMS messages are forwarded to the attackers, allowing them access to various e-commerce and financial apps. The attackers cleverly use proxy IPs to avoid detection and maintain a low transaction profile. The report indicates that the attackers have accessed 271 unique gift cards, conducting transactions worth ₹16,31,000. 
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: