Fraudulent Scholarship Apps Target Students in “Defarud” Scam Campaign

1 day, 17 hours ago gbhackers

By Mayura Kathir

An Android malware tracker named SikkahBot, active since July 2024 and explicitly targeting students in Bangladesh. Disguised as applications from the Bangladesh Education Board, SikkahBot lures victims with promises of scholarships, coerces them into sharing sensitive information, and requests high-risk permissions.

Once installed, it harvests personal and financial data, intercepts SMS messages, abuses the Accessibility Service, and executes automated banking transactions—including USSD-based operations.

Key Takeaways

SikkahBot impersonates the Bangladesh Education Board to distribute fraudulent scholarship apps.
Distribution occurs via shortened links redirecting victims to malicious APK download sites, likely through smishing campaigns.
The malware harvests personal details and payment information (wallet number, PIN, payment type).
Victims are coerced into granting Accessibility Service, SMS access, call management, and overlay permissions, enabling deep device control.
SikkahBot intercepts bank-related SMS, abuses Accessibility Service to autofill credentials in bKash, Nagad, and DBBL apps, and executes automated USSD transactions.
Active since ...

Copyright of this story solely belongs to gbhackers . To see the full text click HERE

Key Takeaways

Share: