How to safeguard your UPI account from latest ‘Digital Lutera’ malware

In today’s digital age, it has become essential to stay careful of banking-related scams to avoid getting into a financial crisis. Not to forget, with the ease of UPI, even scammers have started to target the platform so that users can send money. Just recently, it was reported that a new type of scam has spread in the market, known as the ‘Digital Lutera’ scam. Rather than scammers calling or texting you to ask for money, this scam involves getting access to your Android device directly and then using it to take out money using the UPI account. Let’s take a deep dive into how this scam works and how you can safeguard yourself from such scams.

Also Read: NASA satellite to crash land on Earth after 14 years: Full story in 5 points

How does the ‘Digital Lutera’ malware work?

First reported by Gadgets360, the Digital Lutera malware is not like the traditional scams, which involve scammers asking for money over the phone or by sending you links in the form of SMS messages. Scammers have found a new way; they rely on changing your Android phone’s behaviour rather than trying to directly get into the UPI payment app. 

It is a fraud toolkit that can bypass digital payment systems using UPI-linked bank accounts and SMS-based OTP verification. Experts reported that this scam takes place in the form of APKs. It begins when the user installs an APK file that they might have got over the internet or from some other sources. These apps are injected with a Trojan, and as soon as they are installed, the apps request permissions for reading and writing SMS. 

If the permissions are granted, then the ‘Digital Lutera’ malware starts its process, and it runs silently in the background. It looks at the incoming bank verification messages with the help of a different set of modules. And using that, the attacker tries to log in to the victim’s account through a modified version of the app on their own device.

UPDATE: The NPCI (National Payments Corporation of India) has officially given out a statement on this matter.

They said, “This is in reference to recent media reports citing a report on certain fraud-related modus operandi using latest technology to bypass UPI device binding. NPCI has examined the report and clarifies that robust checks and safeguards are already in place to address such risks.”

Furthermore, adding, “UPI is designed with multiple layers of security and authentication mechanisms to ensure that transactions remain safe and secure. NPCI continues to work closely with banks and ecosystem partners to monitor risks and strengthen security measures, ensuring that digital payments remain safe and reliable for users.”

Still, here are the best practices or tips to follow for your safety.

How to safeguard yourself from such scams 

Speaking of how you can actually save yourself from such scams, there are a few basic steps that you can follow to save yourself. Follow some of the safeguard techniques and methods mentioned below:

• Make sure not to install any apps outside of official app stores like the Google Play Store.
• Avoid any text messages that ask you to install any sort of APKs, in the form of a traffic challan, or maybe even an invitation to an event.
• Make sure Google Play Protect on your phone is active and updated to the latest version.
• If you’re downloading any third-party APKs, make sure they don’t get flagged by Google Play Protect; if they do, avoid installing those files.
• Update your phone’s software to the latest version, which includes the latest security patch.

While these steps can help reduce the risk of falling victim to such malware, they do not guarantee complete protection. Scammers are constantly finding new ways to exploit digital systems, which makes it important for users to stay alert. The safest approach is to be mindful about what you install on your phone and where those apps come from.

As mentioned, avoid downloading unknown APK files, be cautious with links or attachments you receive, and regularly check the permissions granted to apps on your device. A little caution while installing apps and managing your phone’s security settings can go a long way in keeping your UPI account and personal data safe.

Also Read: Google unveils Gemini Embedding 2, its first multimodal embedding model