E-challan scam in India hits 4,400 devices, Rs 16 lakh stolen: Safety tips – Times of India



Indian smartphone users are falling prey to a sophisticated Android malware campaign run by Vietnamese hackers, who are using fake traffic e-challan messages on WhatsApp to gain access to devices. Gujarat has been identified as the most affected region, followed by Karnataka. This alarming trend was highlighted in a report by cybersecurity firm CloudSEK, reported PTI.
The malware, identified as part of the Wromba family, has already infected more than 4,400 devices, leading to fraudulent transactions totaling over Rs 16 lakh.
The scammers send deceptive e-challan messages, pretending to be from Parivahan Sewa or Karnataka Police, urging recipients to install a malicious app. This app, once installed, not only steals personal information but also enables financial fraud.

Bharat Drive: To World’s largest Solar Park with Mahindra Scorpio-N, AJAI | TOI Auto

The process begins with a seemingly urgent WhatsApp message containing a link. Clicking this link downloads a malicious APK, disguised as a legitimate application. The malware then requests extensive permissions, including access to contacts, phone calls, SMS messages, and the ability to become the default messaging app. These permissions allow the malware to intercept OTPs and other sensitive messages, enabling the attackers to access victims’ e-commerce accounts, purchase gift cards, and redeem them stealthily.
E-challan scams: How to stay safe
To safeguard against such malware threats, install apps only from trusted sources like the Google Play Store, limit app permissions, regularly review them, maintain updated systems, and enable alerts for banking and sensitive services.
To protect yourself, verify details before paying any fines. Genuine e-challans will include specific information like your vehicle registration number and the exact violation. Use official channels by visiting traffic authority websites directly rather than clicking on links in messages. Legitimate Indian government websites typically use the “.gov.in” domain. Report suspected scams to authorities to help prevent others from becoming victims.





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *