
Consultants Review Magazine

Vietnamese Hackers are Targeting Indians with a Dangerous Android Malware Through WhatsApp E-challan Scam

By Consultants Review Team Thursday, 18 July 2024

Android users in India are being targeted by a new malware called Maorrisbot, which spreads through deceptive traffic challan notifications on WhatsApp. This malicious application steals contacts, SMS messages, and device details, potentially causing financial harm.

According to a report by CloudSEK, a new threat known as Maorrisbot is scamming Android users in India through deceptive traffic challan messages on WhatsApp, luring them into installing a malicious app.

Users receive a WhatsApp message resembling a traffic challan from ‘Vahan Parivahan’ or Karnataka police, prompting them to install an Android app (.apk file) to pay the fine. Once installed, the app conceals itself from the home screen and requests extensive permissions, including access to contacts, SMS messages, and phone calls. Subsequently, the malware steals this information and sends it to a Telegram bot controlled by the attackers, who use it to conduct financial transactions, such as buying gift cards, through the victims' accounts.

Upon installation, Maorrisbot establishes connections to a misconfigured Firebase bucket and a Telegram bot under the control of the attackers. It then transmits stolen data, including contacts, SMS messages and device details, to these servers.

This malware poses serious risks, threatening your contacts, messages, and device information. Attackers can snatch OTPs and conduct unauthorized transactions, resulting in financial losses. Furthermore, your privacy is constantly violated as the malware monitors your SMS messages.

The Consequences of the Threat:

The CloudSEK report says most of the victims are located in Gujarat and Karnataka, mainly Jio and Airtel service users. The malware has infected over 4,400 devices, and the attackers have stolen more than 16 lakh Indian rupees through fraudulent transactions.

To safeguard against these threats, consistently review and restrict app permissions to required functions only. Obtain apps solely from credible sources like the Google Play Store. Keep your phone and apps updated with the latest security patches. Stay vigilant for any unusual SMS behavior and activate alerts for financial transactions. Educate yourself to identify spoofing attempts and exercise caution when receiving messages from unfamiliar senders. 
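One way to apply the permission review above to a sideloaded APK before anyone installs it, as an added example that is not from the CloudSEK report or this article: the script flags a manifest that combines SMS access with other personal-data permissions and declares no home-screen icon. It assumes the manifest has already been decoded to text XML (for example with apktool); the permission list, the verdict labels and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
P = "android.permission."
# Permission names chosen to match the data types the article lists
# (SMS, contacts, phone calls); the exact set is an assumption.
GROUPS = {
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "contacts": {"READ_CONTACTS"},
    "calls": {"READ_CALL_LOG", "CALL_PHONE", "READ_PHONE_STATE"},
}

def has_launcher_icon(root):
    """True if an enabled activity declares MAIN + LAUNCHER in one intent filter."""
    for tag in ("activity", "activity-alias"):
        for act in root.iter(tag):
            if act.get(A + "enabled") == "false":
                continue
            for flt in act.iter("intent-filter"):
                names = {e.get(A + "name") for e in flt}
                if {"android.intent.action.MAIN",
                        "android.intent.category.LAUNCHER"} <= names:
                    return True
    return False

def triage_manifest(xml_text):
    """Classify a decoded AndroidManifest.xml as 'high', 'review' or 'low'."""
    root = ET.fromstring(xml_text)
    requested = {p.get(A + "name") or ""
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for p in root.iter(tag)}
    hit = sorted(g for g, perms in GROUPS.items()
                 if any(P + n in requested for n in perms))
    risky = "sms" in hit and len(hit) >= 2  # OTP access plus other personal data
    launcher = has_launcher_icon(root)
    # A launcher entry does not clear an app: icons can also be hidden at runtime.
    verdict = "high" if risky and not launcher else "review" if risky else "low"
    return {"verdict": verdict, "groups": hit, "launcher": launcher}

# Constructed sample manifest (not taken from a real sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application><activity android:name=".Main"><intent-filter>
    <action android:name="android.intent.action.MAIN"/>
  </intent-filter></activity></application>
</manifest>"""

print(triage_manifest(SAMPLE)["verdict"])  # high
```

A "review" verdict also fires for legitimate messaging apps, so treat the output as a prompt to check where the APK came from, not as a final judgment.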

By taking these actions and remaining alert, you can safeguard your personal information and financial data from threats like Maorrisbot and similar malware. With this in mind, one has to be cautious with messages that request app installations or personal information.