Fraud Alert: Drug Mule; Nexus Android Banking Trojan & Nigerians in Matrimonial Scam
Yogesh Sapkale | 28 April 2023

One of the things that all of us must get used to is paying attention to alerts about new computer viruses that are put out by tech companies or technology regulators from time to time. It is one way of being aware, alert and hopefully protecting ourselves from serious damage. But, before we discuss the latest such warning, we may have more to worry about from seemingly friendly neighbours who may be laying a deadly trap for you.
In a rather shocking incident that may sound like a movie script, an actor from Mumbai was sent to Sharjah in the United Arab Emirates (UAE). She was 'requested' to deliver a trophy to someone there. The only problem: this 'trophy' contained drugs, leading to the actor's arrest. After intervention from the Mumbai police, she was released from jail. Preliminary inquiry reveals that she was made a 'drug' mule as a vendetta against her family by a baker who operated out of her building.
'Planted' Drugs Carrier
Mumbai actor Chrisann Pereira, who was jailed in Sharjah in a 'drug plant' case, was released recently. Her story reads like a movie script. It turns out that Chrisann was arrested in the UAE last month because an award trophy that she was carrying for someone was found to have drugs in it. Worse, the Sharjah authorities had been tipped off about it.
It now turns out that the drugs were planted by a baker, Anthony Paul, out of some sort of vendetta. Paul and his associate Rajesh Bubhate alias Ravi, a banker, have been arrested by the Mumbai police. Following interrogation, they confessed to trapping not only Chrisann but several others as well. The duo had trapped three other persons by concealing drugs in award trophies, while two others were given drug-laced cakes before they flew to Dubai.
While two persons, including Chrisann, unwittingly walked into the trap, the other three managed to evade the Sharjah authorities. Chrisann has been released after the Mumbai police spoke to their counterparts in Sharjah and provided them with a recording of the confession of Anthony Paul and Rajesh Bubhate.
Media reports say that Paul is the brain behind the horrible revenge-trap and was settling an old grudge against the Pereira family, especially Chrisann's mother Premila and brother Kevin. But Paul had used the same modus operandi with some other wannabe actors, assuring them of plum roles in global web series.
There is a serious lesson here. Any time you get your boarding pass online, the airline makes you declare that you have packed your luggage yourself and are fully aware of what you are carrying. Most people ignore it. We try to be good friends, neighbours and colleagues by agreeing to carry little gifts or food items abroad. Sometimes, travellers are trapped even during the journey by strangers who befriend them and ask for help carrying a piece of luggage, or checking it in as their own, because they want to avoid the extra luggage charge. Be warned that it is dangerous to agree to such requests: you could be the victim of a dangerous trap and spend a very long time in a foreign jail without the resources, contacts, friends or prayers that helped Chrisann.
Nexus Android Banking Trojan
The Indian Computer Emergency Response Team (CERT-In) recently warned about a new trojan similar to the banking trojan SOVA. The Nexus Android banking trojan targets banking portals and cryptocurrency services to steal credentials and intercept SMS messages.
According to a warning issued by CERT-In, a malware campaign spreading the Nexus Android banking trojan through a malware-as-a-service (MaaS) platform is active. Cybercriminals are offering it for use on the dark web on a subscription basis.
CERT-In says Nexus has been observed being distributed through phishing campaigns impersonating legitimate websites. "The Nexus botnet focuses on stealing the credentials from banking apps and even two-factor (2FA) authentication of Google Authenticator through abusing the accessibility service. It can steal SMS, crypto wallets and cookies of websites also. Over time, the malware has enriched its capability to steal information and other malicious activity."
"Once the malware is installed on the victim's device, it connects to the command and control server (C2) for command control and activity. It provides a C2 web panel for attackers to carry out attacks and acquire stolen data. Nexus C2 web panel exposes the login page on the internet," it added.

Similar to the SOVA malware, Nexus gains access to sensitive information after obtaining permissions and administrative rights on the device. It sends a log file, including a list of apps installed on the device, to its command and control (C&C) centre. The cybercriminals match the list of installed apps against the banking apps they target and send an 'enableinject' command, including the specific application's package name, which downloads an HTML injection for that app.
The code launches a webview interface matching the original and authentic app whenever the user uses that targeted application. Through this, cybercriminals obtain the credentials of the user.
Nexus also includes a ransomware module used to encrypt files on the victim's device.
CERT-In says users must use only official app stores for downloading any app. Before downloading any app from the official stores, do check reviews, comments, number of downloads and additional information. Also, check app permissions and grant only those most relevant to the app. For example, a chat or messaging app would not need access to body sensors on the device. Or a calculator would not need access to your phone contacts or call logs. So, do review all permissions and grant only those required by the app.
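The permission check CERT-In recommends can be run over an app inventory, as in the Python sketch below. It is an added example, not code from CERT-In or from this article: the category baselines, the package names and the inventory are constructed assumptions, and the 'high' rule simply looks for the capabilities described above (SMS reading, accessibility service, device administrator rights) appearing together.

```python
# Added example. Baselines and the inventory below are constructed assumptions.
SMS_READ = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
EXPECTED = {  # runtime permissions each category plausibly needs (assumed)
    "calculator": set(),
    "messaging": {"android.permission.READ_CONTACTS",
                  "android.permission.CAMERA",
                  "android.permission.RECORD_AUDIO"},
}

def audit(app):
    """Return (severity, findings) for one inventory entry."""
    baseline = EXPECTED.get(app["category"])
    if baseline is None:
        return "review", ["no baseline for category " + app["category"]]
    findings = ["unexpected permission " + p
                for p in sorted(app["permissions"] - baseline)]
    # Capability mix the advisory attributes to Nexus: SMS interception,
    # accessibility-service abuse and device administrator rights.
    caps = set(app["special_access"])
    if app["permissions"] & SMS_READ:
        caps.add("sms_read")
    if "accessibility" in caps and len(caps) >= 2:
        findings.append("capability mix: " + ", ".join(sorted(caps)))
        return "high", findings
    return ("medium" if findings else "ok"), findings

INVENTORY = [  # constructed sample; package names are hypothetical
    {"package": "com.example.calc", "category": "calculator",
     "permissions": {"android.permission.READ_CONTACTS",
                     "android.permission.READ_CALL_LOG"},
     "special_access": set()},
    {"package": "com.example.chat", "category": "messaging",
     "permissions": {"android.permission.READ_CONTACTS",
                     "android.permission.BODY_SENSORS"},
     "special_access": set()},
    {"package": "com.example.updater", "category": "calculator",
     "permissions": {"android.permission.READ_SMS"},
     "special_access": {"accessibility", "device_admin"}},
]

def audit_all(inventory):
    """Map each package name to its (severity, findings) result."""
    return {app["package"]: audit(app) for app in inventory}

if __name__ == "__main__":
    for pkg, (sev, why) in audit_all(INVENTORY).items():
        print(f"{sev:6} {pkg}: {'; '.join(why) or 'nothing unexpected'}")
```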
Fake Wealthy NRIs or Doctors on Matrimonial Sites
In the past, I have warned about people being duped by false profiles on matrimonial sites. The latest on this is that the Nigerian criminals, who played on people’s greed by promising goodies or an inheritance, have now waded into this lucrative scam territory.
Earlier this week, the Delhi police arrested two Nigerians, Chife Monday and Igwemma Jame, who were staying in the Nihal Vihar area, for duping over 700 people on matrimonial sites. Their fake online profile was that of wealthy non-resident Indians (NRIs) or foreign nationals, especially doctors.
A Delhi woman, who had registered on Bharat Matrimony, met one such scammer online, who claimed to be an American residing in California. He befriended her and started messaging her on WhatsApp. He soon shared a photo of an expensive gift he had allegedly sent her. She then received a call from one Riya Mehta asking her to pay Rs2.40 lakh in customs duty and other taxes on her 'gift' parcel. This is standard practice for ensnaring gullible people.
Harendra Kumar Singh, deputy commissioner of police (DCP), told IANS that the mobile numbers used by the scammers were switched off and the fake matrimonial profile deleted when investigations began. An analysis of the matrimony profile and calling numbers led the cops to Nihal Vihar, and a raid was conducted to arrest the scammer.
During interrogation, they divulged the names of other associates who allowed the use of their bank accounts (as money mules) for a commission. The wife of the associate also collected a commission to masquerade as an Indian customs officer to dupe the victims.
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
Are you a victim of Online Financial Fraud? Immediately call helpline Number 1930 and register your complaint at https://t.co/cr6WZMOi4c pic.twitter.com/HZqUMKSDNF
— Cyber Dost (@Cyberdost) October 12, 2022
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.