Executive Summary Cyble Research and Intelligence Labs (CRIL) observed a notable rise in Android malware campaigns masquerading as the Indian RTO (Regional Transport Office) applications and target Indian users to steal sensitive information. The malware spreads mainly through WhatsApp messages and SMS containing shortened URLs that appear as the RTO app, mParivahan, which redirect to GitHub-hosted APKs, and via compromised websites. Once installed, the malware uses phishing pages to capture ...
