Scammers posing as the customer support team of a reputed e-commerce company in the fashion & lifestyle industry.

In a recent interaction with the victims of a cyber-fraud and hack, the duo said that one of them received a call and a few WhatsApp messages from hackers claiming to be the customer support team of a reputed e-commerce firm.
Sensing that something was going wrong, they promptly made me aware of this.
The hackers convinced the victims to share their ATM card details, CVV, bank account number and other sensitive information. The victims also fell into the trap of installing malicious APK files on their mobile devices, under the pretext that the customer support team needed them to generate the refund.
Modus Operandi
Objective : The group appears to be financially motivated. The objective is to steal money by intercepting incoming OTPs on the victim's mobile, which can then be used to log in to important apps like banking apps, UPI payment apps, and stock and mutual fund investment apps. The stolen money is then swiftly spent on retail actions like recharging or topping up unknown numbers, etc.
Information Gathering : One hour before the incident, the victim also received a call from the genuine customer team, which raises the suspicion that either a data leak is giving the adversaries access to customers' phone numbers or an insider is acting as a helping hand inside and outside the e-commerce organization.
Initial Access : The hackers asked the victims to install the TeamViewer application, which was disguised as “{Name-of-e-commerce-company} setup.apk” & “meeting.apk”, as can be seen below (I did a simple MobSF analysis of the APKs).

TeamViewer is widely popular software generally used for remote access and remote control.
Execution : (Payload Delivery & Techniques Used)
The payload was sent as an APK file via WhatsApp.
Credential Access :
The attackers are stealing credentials in the form of OTPs.
Impact :
Victims are losing their money, and customers get an unsafe digital experience, which in turn greatly and unavoidably harms the trust between customers and the brand.
Further SAST Analysis
Upon doing a SAST via MobSF, these were the key observations:
On installation, the APK file gets the following permissions, which are dangerous from an attacker's point of view:
android.permission.BLUETOOTH_CONNECT
android.permission.BLUETOOTH_SCAN
android.permission.CAMERA
android.permission.POST_NOTIFICATIONS
android.permission.READ_PHONE_STATE
android.permission.RECORD_AUDIO
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
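
The same permission review can be repeated on a decoded AndroidManifest.xml (for instance one produced by apktool). The script below is an added example, not part of the original analysis: it flags the permissions listed above and checks whether the name the file was delivered under matches the app's package id. The sample manifest, the package name com.example.remotetool and the file-name heuristic are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the write-up lists as dangerous from an attacker's point of view.
WATCHLIST = {
    "android.permission.BLUETOOTH_CONNECT",
    "android.permission.BLUETOOTH_SCAN",
    "android.permission.CAMERA",
    "android.permission.POST_NOTIFICATIONS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECORD_AUDIO",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Constructed sample: decoded manifest of a hypothetical remote-access app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.remotetool">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""


def triage(manifest_xml, delivered_name):
    """Return the package id, watchlisted permissions and a name-mismatch flag."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                requested.add(name)
    # Heuristic (assumption): no word of the delivered file name occurs in the package id.
    stem = delivered_name.lower().rsplit(".apk", 1)[0]
    words = [w for w in stem.replace("-", " ").replace("_", " ").split() if len(w) > 2]
    mismatch = not any(w in package.lower() for w in words)
    return {"package": package,
            "flagged": sorted(requested & WATCHLIST),
            "name_mismatch": mismatch}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, "meeting.apk"))
```

A name mismatch on its own is a weak signal; it is most useful together with a flagged set that includes SYSTEM_ALERT_WINDOW, CAMERA and RECORD_AUDIO on a file received over a chat app.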