Online Fraud Cases Through Mirroring Government Application
The online vehicle service application mParivahan, which is mainly used for e-challan management, has been in the news everywhere lately. The scam came to light when a Mumbai professional lost money through a fake copy of the mParivahan application and posted about the incident on X.
Online Scam Cases
This is not the only case, nor is mParivahan the only government app that cyber criminals are copying. Many incidents of financial loss tied to government applications have come to light. To understand this in depth, the official cyber commando team searched the web for the dangerous APK (Android Package Kit) file that is duping users and ran a malware analysis on it.
What is the method of cheating?
The analysis revealed that the scam starts with a WhatsApp message from an Indian number, containing a credible-looking message with a fake APK file and the victim’s vehicle number. As soon as you install it, the application asks for access to your contacts, call logs, messages and storage, giving the hackers full control over all your mobile data. Moments later, illegal transactions begin without any warning or your permission.
The crooks also steal your data
Once you fall into this trap, how does your important data end up in the hands of crooks so easily? The official authority downloaded the infected application and ran an in-depth malware analysis. The APK file was uploaded to the malware scanning platform VirusTotal, which flagged Trojans such as BankBot.FTNA.Gen and RewardSteal. This malware is mainly designed to steal users' sensitive data.
Fake apps are copies of the original
The fake APK file is an almost identical copy of the original mParivahan application, with minor changes that trick you into giving it access to phone functions such as calls, storage and SMS. On the back end, it extracts your personal data and sends it to fraudsters via secret Telegram bots or other bots.
In an earlier report, official authorities exposed a ‘Vahan Parivahan’ APK that intercepted OTPs and frequently carried out fake e-commerce transactions. But this new copy is even more dangerous. Its aim is to steal Aadhaar-related credentials and banking data. It takes advantage of the device’s permissions to access local files and storage, increasing the risk of sensitive data theft.
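A defender can check for the pattern described above (a familiar app label on an unexpected package, combined with SMS, contacts, call-log and storage permissions) before an APK is ever installed. The following is an added example, not code from the article or from the authorities it cites: it triages text in the layout printed by `aapt dump badging`. The package id in `KNOWN_APPS` is a placeholder assumption, and both sample inputs are constructed.

```python
import re

# Permission groups the article says the fake app requests.
RISKY = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
}
# Assumption: placeholder package id; fill in from the official store listing.
KNOWN_APPS = {"mparivahan": "org.example.official.placeholder"}

def parse_badging(text):
    """Pull package id, app label and permissions out of badging text."""
    pkg = re.search(r"^package: name='([^']+)'", text, re.M)
    label = re.search(r"^application-label:'([^']*)'", text, re.M)
    perms = set(re.findall(r"^uses-permission: name='([^']+)'", text, re.M))
    return (pkg.group(1) if pkg else None,
            label.group(1) if label else "", perms)

def triage(text, known=KNOWN_APPS):
    pkg, label, perms = parse_badging(text)
    groups = sorted(g for g, names in RISKY.items() if perms & names)
    expected = known.get(label.strip().lower())
    lookalike = expected is not None and pkg != expected
    if lookalike and "sms" in groups:
        verdict = "block"      # known label, wrong package, can read OTPs
    elif lookalike or len(groups) >= 3:
        verdict = "review"
    else:
        verdict = "ok"
    return {"package": pkg, "lookalike": lookalike,
            "risky_groups": groups, "verdict": verdict}

# Constructed samples in the layout of `aapt dump badging` output.
SAMPLE_FAKE = """package: name='com.constructed.sample' versionCode='1' versionName='1.0'
application-label:'mParivahan'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
"""
SAMPLE_OK = """package: name='org.example.official.placeholder' versionCode='7' versionName='2.0'
application-label:'mParivahan'
uses-permission: name='android.permission.INTERNET'
"""

if __name__ == "__main__":
    for sample in (SAMPLE_FAKE, SAMPLE_OK):
        print(triage(sample))
```
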
Fraud With Government Application
Once the device is infected, attackers get access to SMS, contacts, calls and storage. The malware automatically creates fake login screens, intercepts OTPs, and extracts important documents such as the Aadhaar number. All the data is then sent through secret Telegram bots, leading to rapid financial fraud.
Online Fraud With Banking Applications
Attackers can monitor all banking and payment applications already installed on the device. The impact of this scam is not limited to the initial victim. By hijacking chats and OTPs, cyber criminals can also target the victim’s family, relatives and contacts, trying to steal money from them as well.
This is not just a theoretical threat. In a recent case in Bengaluru, both the victim and his wife faced an illegal transaction attempt. Zimperium, a US-based mobile security firm, had previously reported a similar trend where malware is spread through WhatsApp in the form of APK files that imitate government or banking applications. Once installed, these fake applications trick users into giving away their financial and personal information easily.
Indian customers are being targeted
The zLabs research team discovered about 900 malware samples that primarily targeted Indian customers who use net banking and mobile banking applications. Their analysis found shared code structures, user interface elements, and application logos, indicating a coordinated effort by the same threat actor to target mobile devices running the Android operating system. The researchers also found 222 exposed Firebase storage buckets containing 2.5 GB of stolen personal and financial data, showing the scale of this threat.