Several creative tactics target seniors, one of which is the ongoing “free wedding invite” fraud. Fraudsters use deceptive tactics, most commonly including phony wedding invitations, using social media chats like WhatsApp.

It uses WhatsApp to connect with its victims, luring users into installing an APK that ultimately transmits user data to a C2 server housed on Telegram.

The victim is then sent a malicious APK that poses as a phony wedding invitation. The victims install the software because they think it would provide additional information about the free wedding, and their SMS data is ultimately stolen. Cybersecurity Company – “F-Secure” provided Cyber Security News with the complete information.

Free-Wedding Invite Scam via WhatsApp

The “Wedding Invite” scam, which went throughout Malaysia, had the victim receiving a wedding invitation from an unknown person with the instruction to open the attached file to find out more information about the wedding.

In particular, the "attached file" is an APK that installs malware on the victim's phone. Existing malware is made to take different kinds of data, such as device, build, and SMS information, from users' phones.

Risky permissions that allowed text message sending and reading were in use when researchers examined AndroidManifest.xml. Moreover, the app's absence from the App Launcher might be attributed to its Missing Launcher activity category. The same push notification was received by two broadcast recipients.

“Once the app is installed on the phone, it stays hidden, as deduced from the MainActivity. For spyware, the reason behind hiding is to avoid detection and carry on with its objective of stealing user data as long as possible,” researchers said.

A Telegram bot is used by the malware as its C2 server. Applications provided by the Telegram chat network are known as Telegram bots. It is set up to automate user interactions and provide information in real-time.

A hacker can easily access information gathered on Telegram with the help of this program, which passes stolen data to the Telegram bot. The software opens what appears to be a safe website when this data is hacked and gives the victim a false sense of security by diverting and relaxing them.

Despite appearing to be a retail website, the spyware has nothing to do with its functionality. The spyware on the hacked mobile reads incoming SMS messages. This might provide scammers access to a variety of private information, including one-time passwords and personally identifiable information.

Numerous ways exist for such information to be exploited, including selling credentials that have been stolen or gaining control of banking transactions. Because of this, people should exercise caution when corresponding online, especially with senior citizens, since the landscape of potential scams is always shifting. To protect their customers, security firms also need to be informed about it.