WhatsApp e-challan scam: Vietnamese hackers target Indians with dangerous Android malware

A new cybersecurity threat, called Maorrisbot, is targeting Android users in India. This malware is being spread through fake traffic challan messages on WhatsApp, tricking people into installing a malicious app, according to a report by CloudSEK.

Users receive a WhatsApp message that looks like a traffic challan from the 'Vahan Parivahan' or Karnataka police. The message prompts users to install an Android app (.apk file) in order to make the payment for the chalan. Once installed, the app hides itself and cannot be seen on the home screen. The app asks for extensive permissions, including access to contacts, SMS messages, and phone calls. After installation, the malware steals contacts, SMS messages, and device information. This data is sent to a Telegram bot controlled by the attackers. The attackers use the stolen information to make financial transactions, such as purchasing gift cards, using the victims' accounts.

After installation, Maorrisbot connects to a misconfigured Firebase bucket and a Telegram bot controlled by the attackers. It sends stolen data, including contacts, SMS messages, and device information, to these servers. 

This malware can cause significant harm. Your contacts, messages, and device information are at risk. Attackers can intercept OTPs and make unauthorised transactions, leading to financial loss. Moreover, your privacy is continuously invaded as the malware monitors your SMS messages.

What is the impact?

The CloudSEK report claims the majority of the victims are from Gujarat and Karnataka, with most using Jio and Airtel services. Over 4,400 devices have been infected, and attackers have stolen over ₹16 lakh through fraudulent transactions.

To protect yourself from such threats regularly review and limit app permissions to only what is necessary. Only download apps from the Google Play Store or other trusted sources. Ensure your phone and apps are updated with the latest security patches. Be alert for any suspicious SMS activity and enable alerts for financial transactions. Educate yourself to recognise phishing attempts and be cautious of messages from unknown sources.

By following these steps and staying vigilant, you can protect your personal information and financial data from the Maorrisbot and other similar malware. Always be cautious of messages asking you to install apps or provide personal information.