fraudulent activities Archives

AppWizard

December 3, 2025

India mandates SIM-linked messaging apps to fight rising fraud

India's Department of Telecommunications (DoT) has mandated that messaging services must operate with active SIM cards linked to users' phone numbers to combat cyber fraud. Popular apps like WhatsApp, Telegram, Signal, and Snapchat must comply with these SIM-binding rules within 90 days. The new regulations also require web sessions to automatically log out after six hours to enhance security and address issues related to long-lived web sessions, which have been exploited by fraudsters. This initiative aims to improve the traceability of accounts and reduce fraudulent activities, particularly phishing schemes and scams. Cyber-fraud losses in India reached ₹22,800 crore in 2024, prompting these Telecom Cyber Security measures. Users roaming with their SIMs will not be affected by the new regulations.

AppWizard

December 2, 2025

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India's Department of Telecommunications (DoT) has mandated that app-based communication service providers implement measures requiring an active SIM card linked to the user's mobile number. This applies to messaging applications such as WhatsApp, Telegram, and Signal, which must comply within 90 days. The amendment to the Telecommunications (Telecom Cyber Security) Rules, 2024, aims to mitigate the misuse of telecommunication identifiers exploited for phishing and scams. The directive requires continuous linkage to the SIM card, and web service instances will log out every six hours, necessitating re-linking via QR code. This is intended to reduce account takeover risks and ensure that accounts are linked to KYC-verified SIMs. The DoT also announced a Mobile Number Validation (MNV) platform to combat identity fraud related to unverified mobile number associations.

AppWizard

December 2, 2025

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

A new Android malware named Albiriox has emerged, marketed as malware-as-a-service (MaaS). It features a hard-coded list of over 400 applications, including banking and cryptocurrency platforms, and is distributed through social engineering tactics using dropper applications. Initially advertised in late September 2025, it became a full MaaS offering by October, with Russian-speaking threat actors behind its development. Albiriox allows remote control of compromised devices via an unencrypted TCP socket connection and Virtual Network Computing (VNC), enabling attackers to extract sensitive information and perform overlay attacks for credential theft. One campaign targeted victims in Austria using German-language lures and counterfeit Google Play Store listings. Albiriox also utilizes Android's accessibility services to bypass security measures and employs a novel distribution strategy involving a counterfeit website that collects phone numbers. Additionally, another Android MaaS tool, RadzaRat, was introduced, masquerading as a file management utility while offering extensive surveillance and remote control capabilities. RadzaRat can log keystrokes and maintain persistence through specific permissions, highlighting a trend in the availability of sophisticated cybercrime tools.

AppWizard

December 1, 2025

Government warns WhatsApp, Telegram and other messaging apps: Within 90 days, make sure your app stops working if… – The Times of India

By February 2026, India's telecom authority will implement a SIM binding policy requiring users to continuously verify their registered SIM cards for messaging applications like WhatsApp to combat cyber fraud. Users will be logged out of web versions of these apps after six hours, necessitating re-authentication via QR code. Messaging platforms have a 90-day period to comply with this requirement, which means apps will stop functioning if the registered SIM is removed. The new regulations classify these platforms as Telecommunication Identifier User Entities (TIUEs), expanding regulatory oversight. Challenges may arise for travelers and multi-device users, as they may face difficulties maintaining access to services. Critics, including industry insiders, question the feasibility and effectiveness of the policy, calling it problematic and an overreach. Messaging platforms must comply by early 2026 to avoid regulatory consequences.

AppWizard

November 26, 2025

Android users told to delete apps immediately after cyber attack infestation

Hundreds of Android applications have been compromised by SlopAds ad fraud malware, leading to their removal from the Google Play Store. A total of 224 apps were identified, collectively downloaded over 38 million times. The malware employs techniques like steganography to hide its activities and redirect users to malicious sites. Google has removed all identified malicious apps and will alert users to uninstall them. Android users are advised to activate Google Play Protect for enhanced security. The ad fraud undermines the integrity of legitimate advertisers and developers.

AppWizard

November 17, 2025

Sbazar.cz launches in-app messenger and mobile app

Seznam has launched a new mobile application for its classifieds platform, Sbazar.cz, replacing an outdated version. The app includes the Sbazar Messenger feature to enhance user security and reduce scams. Product manager Jakub Rybár noted the increasing sophistication of fraud attempts, leading to the blocking of 50-100 suspicious accounts monthly. The app centralizes communication to mitigate risks from fake emails and phishing. Mobile users now represent over half of the site's traffic, and the app offers functionalities such as account management, listing creation and editing, and push notifications. Sbazar.cz is the third most popular classifieds site in the Czech Republic, with 3.4 million visits in October, trailing Bazos.cz and Aukro.cz. Seznam also manages other platforms, including Sauto.cz and Sreality.cz.

AppWizard

November 3, 2025

Android users urged to delete hundreds of apps immediately in cyber attack warning

A new wave of cyber attacks targeting Android users has been identified, involving 224 compromised applications that have collectively amassed over 38 million downloads from the Google Play Store. This threat, named SlopAds by the Satori Threat Intelligence and Research Team, involves sophisticated advertising fraud techniques, including steganography, to generate illicit revenue through harmful ads embedded in apps. Google has removed all compromised applications from the Play Store and will notify users to uninstall them. Users are advised to enable Google’s Play Protect feature to safeguard against malicious applications. Ad fraud not only affects individual users but also undermines trust in the advertising ecosystem.

AppWizard

November 3, 2025

Hack alert as Android users warned to uninstall these risky apps

HUMAN's Satori Threat Intelligence and Research Team has identified and dismantled an ad fraud scheme called SlopAds, linked to 224 applications that have over 38 million downloads from Google Play across 228 countries. The perpetrators used techniques like steganography to embed fraudulent payloads in apps, creating hidden WebViews that redirected users to cashout sites for generating illegitimate ad impressions and clicks. Google has removed all identified malicious applications and will notify affected users to uninstall them. Users are encouraged to enable Google's Play Protect feature to prevent future threats. Ad fraud poses risks to advertisers and developers by tricking ad networks into accepting fraudulent ads. Invalid traffic can arise from developers using prohibited ad practices, undermining trust in the mobile advertising ecosystem. Users are advised to uninstall flagged applications to protect their devices.

AppWizard

October 21, 2025

WhatsApp And Messenger Include Scam Warnings For Seniors

Meta is enhancing user safety on WhatsApp and Messenger by introducing protective measures aimed at curbing scams, particularly targeting older adults. WhatsApp will display a warning when users share screens during calls with unknown contacts, discouraging the sharing of sensitive information. Messenger is piloting a scam detection system that alerts users to potential fraud indicators, allowing them to block or report suspicious contacts. Research shows that timely alerts can reduce compliance with fraudulent requests. Meta has disrupted around 8 million scam accounts and removed over 21,000 impersonating profiles. The company is also collaborating with the National Elder Fraud Coordination Center, which includes various major corporations, to combat scams across platforms.

AppWizard

October 15, 2025

Google Messages adds Key Verifier and spam link detection

Google has introduced two safety features for its Messages app: the Android Key Verifier and a spam protection feature. The Android Key Verifier is available for users on Android 10 and above, using QR codes to verify end-to-end encrypted message exchanges. Users can verify keys by tapping on the contact's name and selecting “Verify keys.” A confirmation message appears upon successful verification, and users are alerted if a contact's key changes due to reasons like acquiring a new device or SIM card, key expiration, or encryption protocol upgrades. Potential malicious reasons for key changes include man-in-the-middle attacks and SIM swapping. Users are advised to keep the Android System Key Verifier app updated. The spam protection feature prevents access to harmful links in texts unless marked as “not spam,” and it is now available worldwide.