How Hackers Use Bot to Target Indians in WhatsApp E-Challan Scam
WhatsApp e-Challan scams are targeting users in India with Maorrisbot, a new and highly technical piece of malware, according to a cybersecurity firm. This is a relatively new type of scam that is reportedly backed by a large, organized effort. So far, the malware is said to affect only Android devices and has not been seen on iOS or other Apple devices. The scam starts out as a typical phishing scam, but once the malware is installed on the victim’s device, it acts as a trojan.
WhatsApp e-Challan scam using Maorrisbot to target Indian users
A new CloudSEK report describes how new malware called Maorrisbot is being used by hackers in Vietnam. The company states that this highly technical Android malware campaign is targeting users in India through fake traffic e-Challan messages distributed via WhatsApp.
Initially, the scammers pose as Parivahan Sewa or Karnataka Police and send messages asking people to pay their challan (traffic fine). These messages contain details of a fake e-Challan along with a URL or an attached APK file.
The scammers trick the victim into clicking the link to pay the fine, and once that is done, Maorrisbot is downloaded onto the device. The report states that the malware is disguised as a legitimate application, which could mislead unwary users.
Once installed, the malware starts asking for multiple permissions, such as access to contacts, phone calls, text messages, and even to become the default messaging app. If the user allows these permissions, the malware starts intercepting OTPs and other sensitive messages. It can also use the data to log into the victim’s e-commerce accounts, buy gift cards, and redeem them without leaving a trace.
The cybersecurity firm also discovered that the scammers are using proxy IPs and maintaining a low transaction profile to avoid detection. The researchers believe the attackers are Vietnamese based on conversations and IP location — the alleged hacker’s IP address was traced to Bắc Giang Province in Vietnam.
CloudSEK claims that 4,451 devices are known to have been compromised after installing the malware. The hackers reportedly used 271 unique gift cards to steal over Rs. 16 lakh from victims. Gujarat and Karnataka have been identified as the most affected regions.
The security firm advises Android users to use reputable antivirus and anti-malware software, limit app permissions and check them regularly, and only install apps from trusted sources. The company also emphasizes monitoring suspicious SMS activity, updating the device regularly, and enabling alerts for banking and sensitive services.
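The permission review recommended above can be scripted for an APK before it is installed. The following is an added example, not code from CloudSEK or the report: it parses the text printed by `aapt dump permissions <file.apk>` and flags an app that combines SMS access with contacts or call permissions, the combination the article describes. The permission-name mapping and the sample dumps are assumptions constructed for illustration, and the default-messaging-app request is not visible in this output.

```python
import re

# Assumption: these Android permission names are this example's mapping of the
# categories the article lists (text messages, contacts, phone calls); the
# report's own permission list is not reproduced on this page.
RISK_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG",
              "android.permission.READ_PHONE_STATE"},
}

# Matches both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

# Constructed sample output, not taken from any real app.
SUSPECT_DUMP = """package: com.example.challan
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.CALL_PHONE'
"""
BENIGN_DUMP = """package: com.example.notes
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
"""

def parse_permissions(dump_text):
    """Return the set of permission names requested in an aapt permissions dump."""
    return {m.group(1) for line in dump_text.splitlines()
            if (m := PERM_RE.match(line))}

def assess(dump_text):
    """Group risky permissions; flag SMS access combined with any other group."""
    perms = parse_permissions(dump_text)
    hits = {group: sorted(perms & names)
            for group, names in RISK_GROUPS.items() if perms & names}
    return {"groups": hits, "suspicious": "sms" in hits and len(hits) >= 2}

if __name__ == "__main__":
    for label, dump in (("suspect", SUSPECT_DUMP), ("benign", BENIGN_DUMP)):
        print(label, assess(dump))
```

A flagged result is a reason to look closer, not proof of malware: legitimate messaging and dialer apps request the same permissions.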