{
  "name": "Beware! Fake 'NextGen mParivahan' Malware Returns",
  "slug": "beware-fake-nextgen-mparivahan-malware-returns",
  "description": "A new variant of the fake NextGen mParivahan malware has emerged with enhanced stealth and data-theft capabilities. Disguised as a government traffic notification system, the malware tricks users into downloading a malicious app that requests extensive permissions. This latest version targets messages from social media, communication, and e-commerce apps, posing a greater threat to user privacy. To evade detection, it employs advanced techniques such as malformed APKs, multi-stage dropper-payload architectures, and dynamic command-and-control (C2) generation. The malware steals sensitive data, including SMS messages and notification content, and uploads it to Firebase or a C2 server. Its access to notifications, SMS, and app data puts user privacy at significant risk, highlighting the need for improved security awareness and analysis tools.",
  "published": "2025-04-09T15:43:35+00:00",
  "created_at": "2025-04-09T15:43:35+00:00",
  "modified_at": "2025-04-09T18:40:16+00:00",
  "created_at_opencti": "2025-04-09T15:43:35+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-04-09",
    "android",
    "anti-analysis",
    "c2 extraction",
    "dropper-payload",
    "firebase",
    "malformed apk",
    "nextgen mparivahan",
    "notification stealer",
    "sms theft"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:520ab99bf4c544ec",
        "name": "NextGen mParivahan",
        "slug": "nextgen-mparivahan"
      }
    ],
    "attack_patterns": [
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ]
  },
  "external_refs": [
    "https://www.seqrite.com/blog/beware-fake-nextgen-mparivahan-malware-returns-with-enhanced-stealth-and-data-theft",
    "https://otx.alienvault.com/pulse/67f6b1c771e854bfa88f7cfd"
  ]
}