Vietnamese Hackers Target Indians With Fake WhatsApp E-Challan Scam, Stealing Personal Data And Funds
Vietnamese Hackers Target Indians With Fake WhatsApp E-Challan Scam, Stealing Personal Data And Funds
These scammers target Indian users with the intention of stealing personal data and committing financial fraud by deceiving them into installing a malicious application.
A Vietnamese hacker group has recently sent phony e-challan messages via WhatsApp, as revealed in a recent report by CloudSEK, a prominent cybersecurity firm. These scammers target Indian users with the intention of stealing personal data and committing financial fraud by deceiving them into installing a malicious application.
How the Scam Works?
The scammers issue fictitious traffic violation penalties by sending messages that impersonate authorities from Parivahan Sewa or Karnataka Police. The message contains a link that, upon clicking, initiates the installation of a malicious APK (Android application package).
Upon installation, this application requests a wide range of permissions, including the capacity to become the default messaging app, and access to contacts, phone calls, and SMS messages. This level of access enables the malware to execute a variety of malicious operations undetected.
The Damage Done
The malware, which has been classified as a member of the Wromba family, has infected more than 4,400 devices. Its primary function is to intercept one-time passwords (OTPs) and other sensitive communications, thereby allowing the hackers to access the e-commerce accounts of victims. The hackers conceal any direct fund transfers by purchasing gift cards and redeeming them once they have gained access to these accounts. These fraudulent transactions have totaled more than Rs. 16 lakhs to date.
Who is Affected?
Gujarat has reported the maximum number of victims, despite the fact that users throughout India have been targeted. followed by Karnataka. The hackers, who are traced back to Bá’ïc Giang Province in Vietnam, employ proxy IP addresses to elude detection, which complicates efforts to trace and halt their activities.
Protecting Yourself
In order to prevent falling victim to such scams, it is advisable to observe the following security recommendations:
- Use Antivirus Software: Detect and eliminate malicious applications by installing and maintaining reputable antivirus and anti-malware software on your device.
- Review App Permissions: Consistently verify and limit the permissions of applications to guarantee that they do not have access to anything beyond what is strictly essential.
- Install Trusted Apps: To mitigate the danger of downloading malicious software, it is recommended that you only download applications from official sources, such as the Google Play Store.
- Stay Updated: To take advantage of the most recent security updates, ensure that your device’s operating system and applications are up-to-date.
- Monitor SMS Activity: Make use of tools that can identify and notify you of any suspicious SMS activity.
- Enable Account Alerts: Establish notifications for banking and various other sensitive services to alert you of any unusual activity.
- Raise Awareness: Build a more informed and cautious community by educating yourself and others about the risks of unverified apps and phishing attempts.
Stay Safe
Users can substantially mitigate the risk of infection and safeguard their personal information from malicious actors by implementing these security protocols. It is essential to remain vigilant and cautious in order to protect against the sophisticated cyber hazards that are present. In order to prevent falling prey to these scams, it is imperative to confirm the authenticity of communications and exercise caution when encountering any suspicious links or attachments.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
READ MORE ARTICLE HERE