A new cyber threat called ‘Maorrisbot‘ was reported in India and targets Andriod users. The Malware spread through WhatsApp through fake challan messages, this message tricks people into installing a malicious app on their devices, as reported by CloudSEK.
How does it scam People?
Android users in India receive WhatsApp messages similar to a traffic challan from the ‘Vahan Parivahan’ or Karnataka police. This message prompts users to install an unknown Andriod app (.apk) to make payment for the challan. The users who install the app fall prey to the attackers, and the app itself cannot be seen on the home screen. The app asks for permissions, including access to contacts, SMS messages, and phone calls.
After the application is installed, the mal now can easily access and steal information like SMS messages, and device information. The data collected is then sent to a Maorrisbot connects to a misconfigured Firebase bucket and a Telegram bot controlled by the attackers. This information is then used to make financial transactions, such as purchasing gift cards and using the victims’ accounts.
What data is at risk in your devices?
This malware if it gets into your devices will potentially get access to Your contacts, messages, and device information they will be at risk. The attacker then can intercept OTPs and make unauthorized transactions, leading to financial loss. The malware continuously has access to your device leading to privacy breaches where SMs are being monitored by the attackers.
Also Read: WhatsApp reportedly developing new live translation feature
Over 4,400 Devices Infected? (reported)
According to a CloudSEK report, the major affected areas are Gujarat and Karnataka. Over 4,400 devices, primarily used with Jio and Airtel services, have been infected by this malware. The attackers have stolen over ₹16 lakh through fraudulent transactions.
How to be Safe from Malware?
Now after knowing about the malware, it is important to know how to be safe.
- To be safe from this malware you need to regularly review and limit the app permissions on your devices to allow only necessary permission and block all the permissions the app does not require.
- Secondly, you need to download the safe app from the Play Store and trusted sources only and regularly update your application and your Android security patches to the latest version.
- Be attentive and educate yourself and recognize phishing attempts from SMS or messages on WhatsApp coming to your device not click any random link or install any application from this message.
- Set an alert for financial transaction activity so you’re notified whenever a transaction occurs on your account. This allows you to promptly review it and report any suspicious activity to the appropriate authorities.
Conclusion
The scammers use canning tactics to target users like the fake traffic challan messages to trick Android users into installing malicious apps. This app can steal information from your devices. It’s important to be alert and by following the safety precautions above you could be safe from such phishing attempts.