![[The AI Show Episode 143]: ChatGPT Revenue Surge, New AGI Timelines, Amazon’s AI Agent, Claude for Education, Model Context Protocol & LLMs Pass the Turing Test](https://www.marketingaiinstitute.com/hubfs/ep%20143%20cover.png)
![Why modern UI is rarely written in C++? [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
![From Accountant to Data Engineer with Alyson La [Podcast #168]](https://cdn.hashnode.com/res/hashnode/image/upload/v1744420903260/fae4b593-d653-41eb-b70b-031591aa2f35.png?#)
.png?#)
![Pixel 9a vs. Pixel 8a: The A-series is all grown up [Video]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/04/Pixel-8a-and-Pixel-9a-wide.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![Apple Posts Full First Episode of 'Your Friends & Neighbors' on YouTube [Video]](https://www.iclarified.com/images/news/96990/96990/96990-640.jpg)
![Apple May Implement Global iPhone Price Increases to Mitigate Tariff Impacts [Report]](https://www.iclarified.com/images/news/96987/96987/96987-640.jpg)
Beware of Fake mParivahan App Attacking Mobile Users Via WhatsApp to Steal Sensitive Data
Cybercriminals have launched a sophisticated malware campaign targeting Android users through fake traffic violation messages on WhatsApp. The malware, disguised as “NextGen mParivahan,” mimics the official government application developed by the Ministry of Road Transport & Highways, which provides digital access to driving licenses, vehicle registration certificates, and other transport services. The attack begins with […] The post Beware of Fake mParivahan App Attacking Mobile Users Via WhatsApp to Steal Sensitive Data appeared first on Cyber Security News.
Cybercriminals have launched a sophisticated malware campaign targeting Android users through fake traffic violation messages on WhatsApp.
The malware, disguised as “NextGen mParivahan,” mimics the official government application developed by the Ministry of Road Transport & Highways, which provides digital access to driving licenses, vehicle registration certificates, and other transport services.
The attack begins with users receiving WhatsApp messages claiming to be official traffic violation alerts.
These messages include convincing details such as ticket numbers and vehicle registration information to appear legitimate.
Users are then tricked into downloading what appears to be the official mParivahan app but is actually malicious software designed to steal sensitive data.
.webp)
Seqrite researchers identified that this latest variant represents a significant evolution from previous versions, with enhanced capabilities for stealth and data theft.
“The malware not only retains its SMS-stealing features but has expanded its reach to target messages from social media, communication, and e-commerce apps, posing an even greater threat to user privacy,” noted Seqrite’s security team.
Once installed, the malware requests extensive permissions, including access to SMS messages and notifications.
After gaining these permissions, it hides its icon from the app drawer while continuing to run in the background. The malware then captures incoming messages and notifications, uploading them to command-and-control servers controlled by the attackers.
.webp)
What makes this malware particularly concerning is its multi-stage approach. The initial dropper application prompts users to update, then requests permission to install from unknown sources. Once granted, it installs the payload APK, which executes the actual malicious functionality.
The most sophisticated aspect of this malware variant is its advanced anti-analysis techniques.
The attackers have intentionally crafted malformed APK files that bypass traditional security tools while still functioning on newer Android devices.
Most analysis tools fail to decompile or extract information from these files due to an invalid compression method value of 0x1998 (decimal 6552), which is unsupported by the ZIP format.
Common tools such as Apktool, Jadx, Androguard, and Bytecode Viewer all fail with similar errors:-
Exception in thread "main" brut.androlib.exceptions.AndrolibException:
brut.directory.DirectoryException: ZipException:
invalid CEN header (bad compression method: 65201)The malware exploits differences in how Android OS handles these malformed files compared to analysis tools.
While Android 9 and newer versions can successfully install and run these APKs, Android 8.1 and earlier fail with errors like:-
adb: failed to install e_challan_report.apk: Failure
[INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION: Failed to parse
/data/app/vmdl2005240909.tmp/base.apl: Corrupt XML binary file]Further complicating detection, the second variant of this malware employs a stealthier command-and-control mechanism by hiding server details within a compiled .so file and dynamically generating them at runtime, as shown in the following code:-
System.loadLibrary("bunny_coban");
public final native String bunnyLovesCarrot();
public final native String hiddenDandelion();
public final native String secretAcorn();This sophisticated malware campaign demonstrates the evolving tactics employed by cybercriminals.
Users are advised to download applications only from trusted sources like Google Play Store, be cautious of unexpected messages claiming to be from government services, and employ reputable security solutions to protect their devices.
Equip your team with real-time threat analysis With ANY.RUN’s interactive cloud sandbox -> Try 14-day Free Trial
The post Beware of Fake mParivahan App Attacking Mobile Users Via WhatsApp to Steal Sensitive Data appeared first on Cyber Security News.
