The malware, identified as part of the Wromba family, has already infected more than 4,400 devices, leading to fraudulent transactions totaling over Rs 16 lakh.
The scammers send deceptive e-challan messages, pretending to be from Parivahan Sewa or Karnataka Police, urging recipients to install a malicious app. This app, once installed, not only steals personal information but also enables financial fraud.
Bharat Drive: To World’s largest Solar Park with Mahindra Scorpio-N, AJAI | TOI Auto
The process begins with a seemingly urgent WhatsApp message containing a link. Clicking this link downloads a malicious APK, disguised as a legitimate application. The malware then requests extensive permissions, including access to contacts, phone calls, SMS messages, and the ability to become the default messaging app. These permissions allow the malware to intercept OTPs and other sensitive messages, enabling the attackers to access victims’ e-commerce accounts, purchase gift cards, and redeem them stealthily.
E-challan scams: How to stay safe
To safeguard against such malware threats, install apps only from trusted sources like the Google Play Store, limit app permissions, regularly review them, maintain updated systems, and enable alerts for banking and sensitive services.
To protect yourself, verify details before paying any fines. Genuine e-challans will include specific information like your vehicle registration number and the exact violation. Use official channels by visiting traffic authority websites directly rather than clicking on links in messages. Legitimate Indian government websites typically use the “.gov.in” domain. Report suspected scams to authorities to help prevent others from becoming victims.
Source Agencies