Forensic Report on OTP-Stealing APK: How Uttarakhand Cyber Police Cracked the Mystery
The forensic update on the Haridwar investment scam app reveals that it exploited multiple permissions, including critical access to read and send SMS messages. This allowed the fraudsters to intercept OTPs and perform unauthorized financial transactions. Authorities have urged the public to be cautious about granting permissions to mobile apps, especially those related to financial activities.
Haridwar: The Haridwar investment scam, which duped numerous individuals out of their hard-earned money, continues to unravel as new evidence comes to light. A detailed forensic analysis of the mobile application used in the scam has revealed that the app exploited a range of permissions, enabling the fraudsters to carry out their malicious activities with alarming precision. The most concerning of these permissions were those that allowed the app to read and send SMS messages, facilitating unauthorized access to victims’ financial accounts.
The scam, which emerged earlier this year, involved perpetrators convincing victims to download a seemingly legitimate investment app. Once installed, the app requested extensive permissions that far exceeded what was necessary for its advertised functions. Unknown to the users, these permissions enabled the app to perform actions that compromised their personal and financial security.
A Scam Built on Trust
The Haridwar investment scam targeted individuals by promising lucrative returns on investments through an easy-to-use mobile application. Victims were often contacted via phone or messaging platforms, where they were persuaded to install the app to access these “exclusive” investment opportunities. The app appeared legitimate and offered a smooth user experience, which led many to trust it without questioning the extensive permissions it requested during installation.
Once installed, the app requested permissions that allowed it to access sensitive areas of the user’s phone. The forensic report has now confirmed that these permissions played a crucial role in enabling the scam.
Permissions Exploited by the App
The forensic analysis revealed that the app requested and was granted the following permissions:
– INTERNET: Allowed the app to connect to the internet, facilitating communication with remote servers controlled by the fraudsters.
– FOREGROUND_SERVICE: Enabled the app to run in the background without the user’s knowledge.
– REQUEST_IGNORE_BATTERY_OPTIMIZATIONS: Allowed the app to bypass battery-saving measures, ensuring it remained active even when the phone was in low-power mode.
– READ_CONTACTS: Gave the app access to the user’s contact list, which could be used for further fraudulent activities or spreading the scam.
– WRITE_EXTERNAL_STORAGE / READ_EXTERNAL_STORAGE: Permitted the app to read and write data on the user’s external storage, potentially accessing or altering personal files.
– POST_NOTIFICATIONS: Enabled the app to send notifications, which could be used to disguise its malicious activities or lure the user into further traps.
– READ_PHONE_NUMBERS: Allowed the app to access the user’s phone number and related information, which could be used to personalize the scam.
– READ_PHONE_STATE / READ_PRECISE_PHONE_STATE: Provided the app with access to detailed information about the phone’s state, including network information and ongoing calls.
– RECEIVE_SMS: This critical permission allowed the app to intercept incoming SMS messages, including one-time passwords (OTPs) and other sensitive information sent by financial institutions.
– READ_SMS: Enabled the app to read the content of SMS messages, giving the fraudsters access to authentication codes and personal communications.
– SEND_SMS: Allowed the app to send SMS messages from the user’s phone, which could be used to communicate with the fraudsters’ servers or to deceive contacts in the user’s address book.
– RECEIVE_BOOT_COMPLETED: Ensured that the app automatically started when the phone was turned on, maintaining its persistent presence.
– BATTERY_STATS: Allowed the app to monitor battery usage, ensuring it remained active and undetected.
– ACCESS_NETWORK_STATE: Provided the app with information about network connections, helping it to decide when to transmit stolen data.
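As an added example that is not part of the report or this article, the following Python script triages an apktool-decoded AndroidManifest.xml for the permission combination listed above. The grouping of permissions into SMS access, persistence, profiling and exfiltration is our own, and the sample manifest is constructed here; it is not the seized app's manifest.

```python
"""Triage an apktool-decoded AndroidManifest.xml for the SMS-interception
permission pattern described in the Haridwar forensic report."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions named in the report, grouped by what they enable (grouping is ours).
SMS_INTERCEPT = {"RECEIVE_SMS", "READ_SMS", "SEND_SMS"}
PERSISTENCE = {"RECEIVE_BOOT_COMPLETED", "FOREGROUND_SERVICE",
               "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", "BATTERY_STATS"}
PROFILING = {"READ_CONTACTS", "READ_PHONE_NUMBERS", "READ_PHONE_STATE",
             "READ_PRECISE_PHONE_STATE", "READ_EXTERNAL_STORAGE",
             "WRITE_EXTERNAL_STORAGE", "POST_NOTIFICATIONS"}
EXFIL = {"INTERNET", "ACCESS_NETWORK_STATE"}

def requested_permissions(manifest_xml):
    """Return the short names of every <uses-permission> in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {node.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
            for node in root.iter("uses-permission")}

def triage(manifest_xml):
    """SMS access plus a network path is what makes OTP theft possible;
    add boot/battery persistence and it matches the scam app's profile."""
    perms = requested_permissions(manifest_xml)
    hits = {"sms": sorted(perms & SMS_INTERCEPT),
            "persistence": sorted(perms & PERSISTENCE),
            "profiling": sorted(perms & PROFILING),
            "exfil": sorted(perms & EXFIL)}
    can_steal_otp = bool(hits["sms"] and hits["exfil"])
    if can_steal_otp and hits["persistence"]:
        verdict = "OTP-THEFT-PATTERN"
    elif can_steal_otp:
        verdict = "SUSPICIOUS"
    else:
        verdict = "REVIEW"
    return {"verdict": verdict, **hits}

# Constructed sample manifest (not the seized app's) with the reported permissions.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.investapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Run it against `apktool d app.apk` output to get a quick verdict before deeper static analysis; a legitimate investment app has no reason to request any of the SMS permissions.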
Impact and Warnings from Authorities
The discovery of these permissions has added a new layer of understanding to the scam, highlighting the sophisticated tactics used by the perpetrators. By gaining access to SMS messages, the app was able to intercept OTPs sent by banks and other financial institutions, allowing the fraudsters to carry out unauthorized transactions without the victims’ immediate knowledge.
Authorities have now issued strong warnings to the public, urging them to be vigilant about the permissions they grant to mobile applications, particularly those that handle sensitive data or financial transactions. Users are advised to scrutinize app permissions and to avoid installing apps from unverified sources or that request excessive access to their devices.
The forensic findings are expected to lead to further developments in the investigation, including additional arrests and the dismantling of the network behind this widespread scam.