WhatsApp e-Challan scam: How Vietnamese hackers are using ‘Maorrisbot’ to target Indians




A new scam using WhatsApp e-Challan messages and a malware called Maorrisbot is targeting Android users in India, as reported by cybersecurity firm CloudSEK. This scam is a sophisticated phishing attempt backed by an organized effort, with no reported impact on iOS or other Apple devices.

The scam operates by sending fake traffic e-Challan messages via WhatsApp, impersonating agencies like Parivahan Sewa or Karnataka Police. These messages urge recipients to pay a traffic violation fine through a provided URL or an attached APK file. Once the victim clicks on the link or installs the APK, Maorrisbot malware is downloaded onto their device, disguised as a legitimate application to deceive users.

After installation, Maorrisbot requests multiple permissions, including access to contacts, phone calls, SMS, and default messaging app status. If granted, the malware intercepts OTPs and other sensitive messages, enabling the scammers to access the victim’s e-commerce accounts, purchase gift cards, and redeem them without detection.

The hackers behind this scam are reportedly based in Vietnam, and the malware campaign is highly technical. CloudSEK’s investigation traced the hacker’s IP address to Bắc Giang Province in Vietnam and found that the scammers use proxy IPs and keep a low transaction profile to avoid detection.

So far, the malware has compromised 4,451 devices, leading to the theft of over Rs. 16 lakh using 271 unique gift cards. Gujarat and Karnataka have been identified as the most affected regions in India.

To protect against this threat, CloudSEK recommends that Android users take several precautions:

  • Use reputable antivirus and anti-malware software: Ensure your device is protected by installing well-known security applications.

  • Limit app permissions: Regularly review and limit the permissions granted to apps on your device.

  • Install apps from trusted sources only: Avoid downloading and installing apps from unknown or untrusted sources.

  • Monitor for suspicious SMS activity: Be vigilant about unexpected or suspicious messages and links.

  • Regularly update your device: Keep your device’s software up-to-date to protect against the latest threats.

  • Enable alerts for banking and sensitive services: Set up notifications to monitor activities related to banking and other sensitive accounts.

By following these recommendations, users can reduce the risk of falling victim to such scams and protect their devices and personal information from being compromised.
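The permission set described above (SMS, contacts, phone calls, default messaging app) can be checked for during the permission review the recommendations call for. The following is an added example, not code from CloudSEK or the article: it scores one app from the text of `adb shell dumpsys package <name>`, and the sample dumps, package names, trusted-installer list and flagging rule are constructed assumptions (the dumpsys layout varies between Android versions).

```python
import re

# Permission groups the article says Maorrisbot asks for: SMS, contacts, phone calls.
GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "phone": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG",
              "android.permission.READ_PHONE_STATE"},
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

GRANTED = re.compile(r"(android\.permission\.[A-Z0-9_]+): granted=true")
INSTALLER = re.compile(r"installerPackageName=(\S+)")
PACKAGE = re.compile(r"Package \[([^\]]+)\]")

def triage(dump, default_sms_app=""):
    """Score one app from `adb shell dumpsys package <name>` output.

    default_sms_app: output of `adb shell settings get secure sms_default_application`.
    """
    granted = set(GRANTED.findall(dump))
    pkg, inst = PACKAGE.search(dump), INSTALLER.search(dump)
    name = pkg.group(1) if pkg else "?"
    installer = inst.group(1) if inst else "null"
    held = sorted(g for g, perms in GROUPS.items() if granted & perms)
    sideloaded = installer not in TRUSTED_INSTALLERS
    is_sms_handler = name != "?" and default_sms_app.strip() == name
    # Flag rule (assumption): not from a trusted store, can see SMS (OTPs),
    # and also holds another sensitive group or is the default SMS handler.
    flag = sideloaded and "sms" in held and (len(held) > 1 or is_sms_handler)
    return {"package": name, "installer": installer, "groups": held,
            "default_sms": is_sms_handler, "flag": flag}

# Constructed sample dumps (hypothetical package names, trimmed to the relevant lines).
PERMS = """    runtime permissions:
      android.permission.READ_SMS: granted=true
      android.permission.READ_CONTACTS: granted=true
      android.permission.CALL_PHONE: granted=false
"""
SIDELOADED = "  Package [com.example.echallan] (1a2b3c):\n    installerPackageName=null\n" + PERMS
FROM_PLAY = ("  Package [com.example.messages] (4d5e6f):\n"
             "    installerPackageName=com.android.vending\n" + PERMS)

if __name__ == "__main__":
    for dump in (SIDELOADED, FROM_PLAY):
        print(triage(dump, default_sms_app="com.example.messages"))
```

A flagged app is a candidate for manual review and removal, not proof of infection; apps from other legitimate stores need to be added to the trusted-installer set.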
