Beware of a new e-challan scam spreading through WhatsApp! Vietnamese hackers are using fake traffic e-challan messages to trick users into installing malicious apps.
This campaign, associated with the Wromba malware family, has compromised over 4,400 devices and resulted in fraudulent transactions totaling more than Rs 16 lakh.
How the Scam Works
Hackers are posing as Parivahan Seva or Karnataka Police and sending fake e-challan messages via WhatsApp.
These messages lead users to download a fake app that appears legitimate. Once installed, this app steals personal information, intercepts OTPs, and commits financial fraud.
The malware gains access to contacts, phone calls, and SMS messages, and can even set itself as the default messaging app.
Threat researcher Vikas Kundu reveals that these malicious apps enable hackers to access victims’ e-commerce accounts, purchase and redeem gift cards, and carry out transactions without detection.
The scam has been particularly rampant in Gujarat and Karnataka, where the highest number of attacks have been reported.
Protection Tips
To avoid falling victim to this scam, CloudSEK advises users to:
Download Apps from Trusted Sources: Only install apps from the Google Play Store or other reputable sources.
Limit App Permissions: Regularly review and restrict app permissions to protect personal data.
Keep Software Updated: Ensure that your bank apps, smartphone operating systems, and security patches are up to date.
Stay vigilant and avoid clicking on suspicious links or downloading unverified applications.