Beware! Fake 'NextGen mParivahan' Malware Returns

April 9, 2025, 8:40 p.m.

Description

A new variant of the fake NextGen mParivahan malware has emerged, exhibiting enhanced stealth and data theft capabilities. The malware, disguised as a government traffic notification system, tricks users into downloading a malicious app that requests extensive permissions. This latest version targets messages from social media, communication, and e-commerce apps, posing a greater threat to user privacy. It employs advanced techniques such as malformed APKs, multi-stage dropper-payload architectures, and dynamic C2 generation to evade detection. The malware steals sensitive data, including SMS messages and notification content, and uploads it to Firebase or a C2 server. Its access to notifications, SMS, and app data puts user privacy at significant risk, which highlights the need for improved security awareness and analysis tools.

Date

  • Created: April 9, 2025, 5:43 p.m.
  • Published: April 9, 2025, 5:43 p.m.
  • Modified: April 9, 2025, 8:40 p.m.

Attack Patterns

  • NextGen mParivahan