#Cyber Frauds

Fraudulent IRCTC apps are out to steal your data—only use the official IRCTC app or website for bookings.

Source: Victim receives APK on WhatsApp or Telegram

The fake IRCTC app presents itself as the legitimate IRCTC app but is in reality full-fledged spyware that spies on victims with ease. This spyware is able to perform the following actions:

    • Steal Facebook and Google account credentials

    • Use accessibility to extract codes from Google Authenticator

    • Track GPS and network location

    • Use the Camera API to record and send videos

    • Gather Installed Applications’ Information on the mobile device

    • Send all collected information to a C2 server, after which it can use obfuscation to hide the host

This fake app tries to obtain the following permissions on a mobile device:

Behind the scenes, this malware performs a number of malicious activities simultaneously, such as stealing location data and information about installed applications. This is a common pattern in cyber fraud.
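For anyone triaging an APK received over chat, the capabilities listed above leave traces in the app's manifest. The following is an added example, not code from this page or from IRCTC: it scans a decoded (text) AndroidManifest.xml for the Android permissions that enable those capabilities. The capability-to-permission mapping, the package name `com.example.fakerail` and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: capability named on this page -> Android permissions that enable it.
CAPABILITY_PERMISSIONS = {
    "GPS and network location tracking": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION",
    },
    "camera video recording": {"android.permission.CAMERA"},
    "installed-application inventory": {"android.permission.QUERY_ALL_PACKAGES"},
    "upload to a remote server": {"android.permission.INTERNET"},
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml: str) -> dict:
    """Return {capability: [evidence]} for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = {}
    for capability, perms in CAPABILITY_PERMISSIONS.items():
        hits = sorted(perms & requested)
        if hits:
            findings[capability] = hits
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE;
    # once the user enables it, it can read what other apps display on screen.
    services = [
        svc.get(ANDROID_NS + "name")
        for svc in root.iter("service")
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND
    ]
    if services:
        findings["accessibility service (screen reading)"] = services
    return findings

# Constructed sample manifest (not taken from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakerail">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application>
    <service android:name=".SyncService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for capability, evidence in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{capability}: {', '.join(evidence)}")
```

Individual hits are triage signals rather than a verdict, since legitimate apps also request permissions such as INTERNET; a ticket-booking app that combines an accessibility service with camera and app-inventory access is what warrants a closer look.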

Impact

    • Steal Facebook and Google account credentials

    • Use accessibility to extract codes from Google Authenticator

    • Track GPS and network location

    • Use the camera API to record and send videos

    • Gather installed applications’ information on the mobile device

    • Send all collected information to a C2 server, after which it can use obfuscation to hide the host

This type of cyber fraud is a growing concern, as highlighted in reports on online scams.

Precautions

    • Do not install this malicious application and keep yourself safe from such fraudsters.

    • Always download IRCTC’s authorized ‘IRCTC Rail Connect’ mobile app from Google Play Store or Apple Store.

    • Please note that IRCTC does not call its users/customers for their PIN, OTP, Password, Credit/Debit Card Details, Net Banking password, or UPI details.
