Key Points:
- The Scam: Cybercriminals are sending SMS and WhatsApp messages with a malicious link titled “RTO e-challan.apk,” which installs malware on phones.
- How it Works: Once installed, the malware gives hackers remote access to the victim’s phone, allowing them to steal banking details, intercept OTPs, and drain bank accounts.
- Recent Victim: A bullion trader in Gondia lost ₹5 lakh after clicking the fake link and installing the app, which led to an immediate unauthorized IMPS transfer.
- Official Warning: Authorities have clarified that government departments like the RTO and traffic police never send payment links or APK files via SMS or WhatsApp.
- Safe Payment: All genuine traffic violation fines should be verified and paid only through the official government portal: echallan.parivahan.gov.in.
Gondia (Maharashtra): A dangerous new cyber fraud is targeting vehicle owners across the country, using fake traffic e-challan notifications to install malware and empty bank accounts. Cybercriminals are sending messages via SMS and WhatsApp that contain a link to download a malicious file named “RTO e-challan.apk.” Unsuspecting victims who click the link and install the file are losing lakhs of rupees within minutes.
The scam has prompted police and RTO officials to issue urgent public warnings, advising citizens to never click on unsolicited links and to use only official government websites for all challan-related payments.
Gondia Trader Loses ₹5 Lakh in Minutes
The latest victim of this scam is Vivek Agarwal, a 49-year-old bullion trader from Gondia, Maharashtra. Agarwal received a message with the fake APK link. Believing it to be a genuine traffic fine, he clicked on it and installed the application. Almost immediately, his phone was compromised. He then received a message from his bank alerting him that ₹5 lakh had been transferred from his current account via an IMPS transaction.
This is not an isolated incident. Similar cases have been reported across India, including in Vadodara, Mumbai, and Lucknow, where victims have lost substantial amounts of money after installing the malware. Even police officers have fallen prey to the scam, losing a total of ₹10 lakh in Mumbai recently.
How the “RTO e-challan.apk” Malware Works
Cybersecurity experts explain that the scam is dangerously effective because it preys on the fear and urgency associated with official fines. Here’s how it operates:
- Fake Message: The victim receives an SMS or WhatsApp message that looks like an official notification from the RTO or traffic police, containing a link to download an APK file.
- Malware Installation: The user, believing it’s a legitimate app to pay the challan, installs the file. The app often mimics the official mParivahan app’s interface.
- Permissions Hijack: During installation, the malware requests extensive permissions (access to SMS, contacts, storage). Once granted, it gives hackers complete remote control over the device.
- Data Theft: The hackers can now read SMS messages to intercept OTPs, monitor screen activity, access banking apps, and steal stored financial credentials.
- Unauthorized Transactions: Using the stolen data, the criminals execute high-value transactions, draining the victim’s bank account before they can react.
How to Stay Safe: Official Guidance
Authorities have issued clear guidelines to protect citizens from this fraud:
- Never Click Links: The RTO and traffic police do not send payment links or ask you to download apps via SMS or WhatsApp. Delete such messages immediately.
- Verify on Official Portal: To check if you have a pending challan, always visit the official government website: echallan.parivahan.gov.in. You can verify a challan using your vehicle number or driving license number.
- Report Suspicious Activity: If you receive a suspicious message or have been a victim of this scam, immediately report it to the National Cyber Crime Helpline at 1930 or on the portal cybercrime.gov.in.
