CloudSEK TRIAD

The blog explores the growing threat landscape of Cyber Monday scams, detailing the diverse tactics cybercriminals use to exploit the online shopping surge. Key threats include phishing attacks, fake online marketplaces, social media scams, fraudulent gift card generators, and advanced tools like Malware-as-a-Service (MaaS). Psychological manipulation tactics—such as urgency, authority, and social proof—amplify the success of these schemes.

CloudSEK’s Threat Research Team uncovered a sophisticated scam targeting air travelers at Indian airports. The fraud involves a malicious Android application named Lounge Pass, distributed through fake domains like loungepass.in. This app secretly intercepts and forwards SMS messages from victims’ devices to cybercriminals, resulting in significant financial losses. The investigation revealed that between July and August 2024, over 450 travelers unknowingly installed the fraudulent app, resulting in a reported theft of more than INR 9 lakhs (approx. $11,000). The scammers exploited an exposed Firebase endpoint to store stolen SMS messages. Through domain analysis and passive DNS data, researchers identified several related domains spreading similar APKs. Key recommendations include downloading apps only from official stores, avoiding scanning random QR codes, and never granting SMS access to travel or lounge apps. Travelers should book lounge access through official channels and stay vigilant to protect their personal data. Stay updated on the latest scams and protect your travel data by following these guidelines.