CERT-In has reported a coordinated Android malware campaign targeting Indian users that uses fake eChallan and RTO Challan SMS alerts to trick victims into downloading malicious APKs. The multi-stage dropper installs hidden payloads that request sensitive permissions, can establish VPNs to intercept traffic, and lead to financial theft via fake RTO or banking payment pages. #eChallan #Parivahan
Key points
- Attackers send SMS alerts posing as eChallan or RTO Challan notices to lure victims into clicking links.
- Malicious APKs (e.g., RTO Challan.apk, RTO E Challan.apk, MParivahan.apk) act as droppers that deploy hidden payloads after installation.
- Installed malware aggressively requests permissions for SMS, calls, background activity, and VPN access to maintain persistence and intercept traffic.
- Fake portals and payment pages harvest card details and login credentials without using legitimate payment gateways.
- Investigations found shared backend infrastructure hosting dozens of phishing domains impersonating eChallan, Parivahan, DTDC, Delhivery, and related services.
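A defender triaging a suspicious APK can check its decoded manifest for the permission cluster the advisory describes (SMS, calls, background persistence, VPN, plus the ability to side-load a hidden payload). The script below is an added illustration, not code from CERT-In or the article; the manifest it parses is a constructed sample and the function names are my own.

```python
"""Triage a decoded AndroidManifest.xml (plain-text form, as produced by
apktool or a similar decoder) for the permission cluster described above."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NAME = ANDROID_NS + "name"

# Permission groups that together match the behaviour described in the advisory.
CLUSTERS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "calls": {"android.permission.READ_CALL_LOG", "android.permission.CALL_PHONE",
              "android.permission.READ_PHONE_STATE"},
    "background": {"android.permission.RECEIVE_BOOT_COMPLETED",
                   "android.permission.FOREGROUND_SERVICE",
                   "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "dropper": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

def triage_manifest(xml_text: str) -> dict:
    """Return the matched clusters, a score, and a suspicious flag (>= 3 clusters)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    hits = {k: sorted(perms & v) for k, v in CLUSTERS.items() if perms & v}
    # A traffic-intercepting VPN needs a service guarded by BIND_VPN_SERVICE
    # that handles the android.net.VpnService intent.
    vpn = any(
        svc.get(ANDROID_NS + "permission") == "android.permission.BIND_VPN_SERVICE"
        and any(a.get(NAME) == "android.net.VpnService" for a in svc.iter("action"))
        for svc in root.iter("service")
    )
    if vpn:
        hits["vpn"] = ["android.net.VpnService"]
    return {"hits": hits, "score": len(hits), "suspicious": len(hits) >= 3}

# Constructed sample manifest (hypothetical package name, not from the report).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
  package="com.example.challan">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".TunnelService"
             android:permission="android.permission.BIND_VPN_SERVICE">
      <intent-filter><action android:name="android.net.VpnService"/></intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Legitimate messaging or VPN apps will hit one or two clusters, so the score is a triage aid for analysts, not a verdict.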
Read More: https://thecyberexpress.com/android-malware-campaign-rto-challan/