Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Uncovering the Lounge Pass Scam Campaign: Targeted Android SMS Stealer Preying on Air Travellers

Oct. 28, 2024, 12:55 p.m.

Description

A sophisticated scam targeting air travelers in Indian airports has been uncovered, involving a malicious Android app called 'Lounge Pass'. The app, distributed through fake domains, intercepts and forwards SMS messages from victims' devices to cybercriminals, resulting in significant financial losses. Between July and August 2024, over 450 travelers unknowingly installed the fraudulent app, leading to a theft of more than INR 9 lakhs (approx. $11,000). The scammers exploited an exposed Firebase endpoint to store stolen SMS messages. Multiple related domains were identified spreading similar APKs. Key recommendations include downloading apps only from official stores, avoiding random QR code scanning, and never granting SMS access to travel or lounge apps.

Date

Published: Oct. 25, 2024, 8:49 p.m.

Created: Oct. 25, 2024, 8:49 p.m.

Modified: Oct. 28, 2024, 12:55 p.m.

Attack Patterns

Lounge Pass

Additional Informations

Transportation

British Indian Ocean Territory

India