Carding 4 Carders
Professional
The malware campaign affected many countries, but the most difficult situation was for residents of India.
Cybersecurity researchers recently discovered a new malware campaign targeting India's UPI digital payment system, which is being carried out by Chinese fraudsters using fake instant loan apps. Thousands of users have already become victims of these scammers.
Such fraudulent applications attract the attention of potential victims with promises of large loans and flexible repayment terms. However, after receiving a commission, scammers disappear without a trace along with the personal data of users.
The main problem in detecting these scams is that the scammers use Chinese payment gateways, as well as Indian "money mules". This greatly affects the transparency of operations and makes investigations more difficult.
Fake apps that users voluntarily install on their smartphones to "apply for a loan" require an excessive amount of permissions, such as access to contacts, photos, and other sensitive information. However, most of the victims did not see anything suspicious in this.
According to CloudSEK, the fraud campaign reviewed by experts was conducted between July 22 and September 18, 2023. The result was the compromise of approximately 30 thousand Adhaar cards and bank accounts, 40 thousand mobile devices, and more than 37 million Indian rupees (42.6 million rubles) were stolen.
Meanwhile, the victims of the campaign were not only residents of India. Malicious activity was also recorded in Indonesia, Malaysia, South Africa, Mexico, Brazil, Turkey, Vietnam, the Philippines and Colombia. What is it worth for scammers to expand the scope of their activities, for example, to the CIS countries?
Sparsh Kulshreshta, senior security analyst at CloudSEK, noted that scammers quite often use Chinese payment gateways due to their relative ease of use and limited regulation.
To combat such threats, enhanced cooperation between banks and other authorities is required, which is not always possible to achieve in the desired form. According to experts, the main focus for preventing this kind of fraud should be on ensuring the security of UPI and taking additional security measures to protect users.
Cybersecurity researchers recently discovered a new malware campaign targeting India's UPI digital payment system, which is being carried out by Chinese fraudsters using fake instant loan apps. Thousands of users have already become victims of these scammers.
Such fraudulent applications attract the attention of potential victims with promises of large loans and flexible repayment terms. However, after receiving a commission, scammers disappear without a trace along with the personal data of users.
The main problem in detecting these scams is that the scammers use Chinese payment gateways, as well as Indian "money mules". This greatly affects the transparency of operations and makes investigations more difficult.
Fake apps that users voluntarily install on their smartphones to "apply for a loan" require an excessive amount of permissions, such as access to contacts, photos, and other sensitive information. However, most of the victims did not see anything suspicious in this.
According to CloudSEK, the fraud campaign reviewed by experts was conducted between July 22 and September 18, 2023. The result was the compromise of approximately 30 thousand Adhaar cards and bank accounts, 40 thousand mobile devices, and more than 37 million Indian rupees (42.6 million rubles) were stolen.
Meanwhile, the victims of the campaign were not only residents of India. Malicious activity was also recorded in Indonesia, Malaysia, South Africa, Mexico, Brazil, Turkey, Vietnam, the Philippines and Colombia. What is it worth for scammers to expand the scope of their activities, for example, to the CIS countries?
Sparsh Kulshreshta, senior security analyst at CloudSEK, noted that scammers quite often use Chinese payment gateways due to their relative ease of use and limited regulation.
To combat such threats, enhanced cooperation between banks and other authorities is required, which is not always possible to achieve in the desired form. According to experts, the main focus for preventing this kind of fraud should be on ensuring the security of UPI and taking additional security measures to protect users.
