Critical Topics and Their Significance for the UPSC CSE Examination on November 04, 2024
How do cyber scams use social engineering and malicious APKs to swindle users?
For Preliminary Examination: Current events of national and international importance
For Mains Examination: GS III - Science & Technology
Context:
In mid-October, traveller Bhargavi Mani claimed that she lost close to ₹1 lakh while trying to book lounge access at the Bengaluru airport. The scam was allegedly executed after Ms. Mani was asked to download an APK (Android Package format) file that looked like a regular app, shared via a WhatsApp chat originating from an international number.
Key takeaways:
The harmful APK became operational after Ms. Mani clicked on a link that allowed screen mirroring access to a supposed customer service representative during a video call. Upon reviewing her credit card statement later, she discovered an unauthorized charge of ₹87,125 to a PhonePe account. Although further transactions were attempted, they were blocked as her card had reached its spending limit. Additionally, Ms. Mani reported that her contacts could not reach her, and a man was answering her calls, possibly due to malicious call forwarding.
How do cybercriminals exploit Big Tech platforms?
- Ms. Mani indicated that she was directed to download the harmful app from a fraudulent website that has since been taken down. The URL she received was “Loungepass.in,” shared via a WhatsApp business account, which was registered to a phone with an international number. She noted that this fake site was among the top search results on Google, highlighting deficiencies in the verification process for major businesses listed online.
- In contrast, Loungepass.com is a legitimate site that enables users to pre-book airport lounge access at major airports. In Ms. Mani's instance, social engineering tactics were utilized to draw her to the counterfeit site, a common strategy among threat actors.
- It is crucial to recognize that Apple's iOS is designed to prevent the installation of apps from links that bypass the official Apple App Store, which enforces stringent security measures. This is where the scam's sophistication becomes evident.
How did the harmful APK function?
- The only method for downloading an app on an iOS device is through the official Apple App Store, where apps are verified and routinely scanned for malicious code to ensure user security.
- However, users have the option to download and test unreleased apps by enabling a hidden setting in iOS, which permits testing of beta versions from developers. “Apple’s Swift SDK also facilitates screen sharing, both within apps and in the background,” noted cybersecurity researcher Vishesh Kochher.
- Scammers can employ social engineering techniques to activate this setting, enabling users to download malicious apps that seem legitimate. In Ms. Mani's situation, once the harmful APK accessed her device, the scammers likely enabled call forwarding.
- This can be done, for instance, on Airtel’s network by dialing a specific code followed by the number to which calls should be forwarded, as explained by Mr. Kochher. With call forwarding active, scammers can easily receive one-time passwords (OTPs) for banking transactions.
- Mr. Kochher further explained that an app could be utilized on iOS to initiate phone calls. With calls redirected to the scammers' number and the app controlling outgoing calls, the scammers could carry out transactions without the user’s awareness.
- “The technical sophistication