ETV Bharat / technology

Date: 2024-10-25

Lounge Pass Scam: Sophisticated Android SMS Stealer Targets Air Travellers In India

Hyderabad: CloudSEK's Threat Research Team discovered a sophisticated scam targeting air travellers in India through a malicious Android app called 'Lounge Pass'. This application, once installed, secretly captures and forwards text messages from victims' devices to scammers, enabling various types of fraud and significant financial losses.

The research team used Open Source Intelligence (OSINT) investigation to identify multiple domains associated with the scam. They reverse-engineered the malicious APK and discovered that the scammers had accidentally exposed their Firebase endpoint used for storing intercepted SMS messages from victims. Analysing the exposed data, the Threat Research Team found that between July and August 2024, around 450 travellers installed the malicious app, resulting in scammers stealing over Rs 9 lakhs from their victims.

CloudSEK says that the amount represents only a portion of the total damages, as it includes only the documented cases linked to the exposed endpoint found in the SMS stealer code during the analysed time frame. The research team claims that the APK was downloaded via the URL loungepass[.]in. Through domain analysis and passive DNS data, researchers identified several related domains spreading similar APKs, including loungepass[.]info and loungepass[.]online.