Seqrite exposes advanced fake “NextGen mParivahan” malware targeting Android users in India
Seqrite has uncovered a dangerous new variant of malware masquerading as the Indian government’s official ‘NextGen mParivahan’ application. Researchers at Seqrite Labs, India’s largest malware analysis facility, identified the threat during routine threat-hunting operations, revealing its use of advanced technical evasion methods to steal sensitive user data, including SMS messages, UPI PINs, and notifications from popular apps like WhatsApp, Amazon, and Gmail. The malware’s operators exploit public trust in digital governance initiatives, distributing fake traffic violation alerts via SMS to trick users into installing malicious apps.
The malware employs a multi-layered approach to avoid detection. By creating malformed APK files with invalid compression methods, it bypasses standard analysis tools used by cybersecurity researchers while remaining fully functional on Android devices running version 9 or later. One variant dynamically generates its command-and-control server URLs through native code stored in a library file, making it nearly ...
Copyright of this story solely belongs to expresscomputer.in.