Warning: Fake mParivahan App on WhatsApp Stealing Sensitive Data

Cybercriminals have launched a sophisticated malware campaign targeting Android users by sending fake traffic violation messages via WhatsApp.

Disguised as the legitimate “NextGen mParivahan” app—originally developed by the Indian Ministry of Road Transport & Highways—the malicious software mimics the official application, which provides digital services such as access to driving licenses and vehicle registration certificates. 

The attack begins when victims receive convincing WhatsApp messages that appear to be official traffic violation notices. These messages often include realistic elements such as ticket numbers and vehicle registration details to enhance their credibility. 

Unsuspecting users are then lured into downloading what appears to be the genuine mParivahan app. In reality, it's a malware-laden APK designed to steal sensitive personal data. According to cybersecurity researchers at Seqrite, this variant is more advanced than earlier versions, with improved stealth features and expanded data-harvesting capabilities. 

In addition to its existing SMS-stealing functions, the malware now targets messages and notifications from social media platforms, communication tools, and e-commerce apps—broadening its potential for compromising user privacy. Once installed, the app requests multiple permissions, including access to SMS and system notifications. 

After acquiring the necessary permissions, the malware hides its icon from the app drawer and continues to operate in the background. It intercepts messages and notifications, transmitting the stolen information to attacker-controlled command-and-control (C2) servers. 
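Because the app hides its icon, a device check has to start from the package list rather than the app drawer. The following is an added example, not code from the article or from Seqrite: it flags sideloaded packages that both request SMS permissions and hold notification access, working from the output of three `adb` commands. The package names and sample output are constructed, and treating only the Play Store as a trusted installer is an assumption.

```python
import re

SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -3 -i`."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M))

def listener_packages(setting_value):
    """Packages in `adb shell settings get secure enabled_notification_listeners`."""
    return {c.split("/")[0] for c in setting_value.strip().split(":") if "/" in c}

def requested_permissions(dumpsys_text):
    """Names under 'requested permissions:' in `adb shell dumpsys package <pkg>`."""
    perms, inside = set(), False
    for line in (l.strip() for l in dumpsys_text.splitlines()):
        if line == "requested permissions:":
            inside = True
        elif inside and (not line or line.endswith(":")):
            break  # the next section header ends the list
        elif inside:
            perms.add(line.split(":")[0])  # drop suffixes like ": restricted=true"
    return perms

def triage(pm_output, listeners, dumpsys_by_pkg):
    """Sideloaded packages that request SMS access and hold notification access."""
    notif = listener_packages(listeners)
    return sorted(
        pkg for pkg, installer in parse_installers(pm_output).items()
        if installer not in TRUSTED_INSTALLERS
        and pkg in notif
        and requested_permissions(dumpsys_by_pkg.get(pkg, "")) & SMS_PERMS
    )

# Constructed sample data (hypothetical package names, not from a real device).
PM_LIST = ("package:com.example.fitness  installer=com.android.vending\n"
           "package:com.example.challan  installer=null\n"
           "package:com.example.game  installer=com.google.android.packageinstaller\n")
LISTENERS = "com.example.fitness/.Notif:com.example.challan/com.example.challan.Svc"
DUMPSYS = {
    "com.example.fitness": "requested permissions:\n  android.permission.INTERNET\n",
    "com.example.challan": ("  requested permissions:\n"
                            "    android.permission.READ_SMS: restricted=true\n"
                            "    android.permission.RECEIVE_SMS\n  install permissions:\n"),
    "com.example.game": "requested permissions:\n  android.permission.READ_SMS\n",
}

if __name__ == "__main__":
    print(triage(PM_LIST, LISTENERS, DUMPSYS))
```

A flagged package is a candidate for review, not a verdict: legitimate sideloaded apps can match the same three traits.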

Notably, the malware exploits a difference in how various Android versions process malformed APK files. Devices running Android 9 and above can install and execute the malicious APKs, while those on Android 8.1 and earlier encounter errors. A second variant of the malware adds another layer of stealth by concealing C2 server details within a compiled .so file and generating them dynamically at runtime. 

This campaign underscores how cybercriminal tactics are evolving to bypass detection and exploit user trust. 

Users are strongly advised to only install apps from trusted sources such as the Google Play Store, remain cautious of unexpected messages claiming to be from government agencies, and use reliable mobile security solutions to safeguard their devices. 
