{"id":4307,"date":"2024-09-23T17:39:21","date_gmt":"2024-09-23T12:09:21","guid":{"rendered":"https:\/\/quickheal.co.in\/knowledge-centre\/?p=4307"},"modified":"2025-06-11T12:48:46","modified_gmt":"2025-06-11T07:18:46","slug":"protect-from-fraudulent-irctc-apps","status":"publish","type":"post","link":"https:\/\/www.quickheal.co.in\/knowledge-centre\/protect-from-fraudulent-irctc-apps\/","title":{"rendered":"Fraudulent IRCTC apps are out to steal your data\u2014only use the official IRCTC app or website for bookings."},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4307\" class=\"elementor elementor-4307\">\n\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1badd6a1 e-flex e-con-boxed e-con e-parent\" data-id=\"1badd6a1\" data-element_type=\"container\" data-settings=\"{&quot;content_width&quot;:&quot;boxed&quot;}\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-10042ad1 elementor-widget elementor-widget-text-editor\" data-id=\"10042ad1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.16.0 - 17-10-2023 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-4309 size-full\" src=\"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/2024\/09\/fake-irctc-app-01.png\" alt=\"\" width=\"223\" height=\"355\" srcset=\"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/sites\/4\/2024\/09\/fake-irctc-app-01.png 223w, https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/sites\/4\/2024\/09\/fake-irctc-app-01-188x300.png 188w\" sizes=\"(max-width: 223px) 100vw, 223px\" \/> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-4310 size-large\" src=\"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/2024\/09\/fake-irctc-app-02-247x390.png\" alt=\"\" width=\"247\" height=\"390\" srcset=\"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/sites\/4\/2024\/09\/fake-irctc-app-02-247x390.png 247w, https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/sites\/4\/2024\/09\/fake-irctc-app-02-190x300.png 190w, https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/sites\/4\/2024\/09\/fake-irctc-app-02.png 369w\" sizes=\"(max-width: 247px) 100vw, 247px\" \/><\/p>\n<p>Source: Victim receives APK on WhatsApp or Telegram<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p>\n<p>The Fake IRCTC app portrays itself as the legitimate IRCTC original app but is in reality a full-fledged spyware that spies on victims with ease. This fake app spyware is able to perform the following actions:<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/ul>\n<\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Steal Facebook and Google account credentials<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Use accessibility to extract codes from Google Authenticator<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Track GPS and network location<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Use the Camera API to record and send videos<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Gather Installed Applications\u2019 Information on the mobile device<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Send all collected information to a C2 server, after which it can obfuscate to hide the host<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:paragraph --><\/p>\n<p>This fake app tries to obtain the following permissions on a mobile device:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4311\" src=\"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/2024\/09\/fake-irctc-app-03.png\" alt=\"\" width=\"296\" height=\"289\" srcset=\"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/sites\/4\/2024\/09\/fake-irctc-app-03.png 296w, https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/sites\/4\/2024\/09\/fake-irctc-app-03-24x24.png 24w, https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-content\/uploads\/sites\/4\/2024\/09\/fake-irctc-app-03-48x48.png 48w\" sizes=\"(max-width: 296px) 100vw, 296px\" \/><\/p>\n<p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p>\n<p>Behind the scenes, this malware performs a number of malicious activities simultaneously, like stealing location and installed application data. This is a common scenario in cybersecurity frauds.<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Impact<\/strong><\/h2>\n<p><!-- \/wp:heading --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/ul>\n<\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Steal Facebook and Google account credentials<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Use accessibility to extract codes from Google Authenticator<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Track GPS and network location<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Use the camera API to record and send videos<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Gather installed applications\u2019 information on the mobile device<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Send all collected information to a C2 server, after which it can obfuscate to hide the host<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:paragraph --><\/p>\n<p>This type of cyber security fraud is a growing concern, as highlighted in online scams in cyber security reports.<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Precautions<\/strong><\/h2>\n<p><!-- \/wp:heading --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/ul>\n<\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Do not install this malicious application and keep yourself safe from such fraudsters.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Always download IRCTC\u2019s authorized \u2018IRCTC Rail Connect\u2019 mobile app from Google Play Store or Apple Store.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\">\n<li>Please note that IRCTC does not call its users\/customers for their PIN, OTP, Password, Credit\/Debit Card Details, Net Banking password, or UPI details.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Source: Victim receives APK on WhatsApp or Telegram The Fake IRCTC app portrays itself as the legitimate IRCTC original app but is in reality a full-fledged spyware that spies on victims with ease. This fake app spyware is able to perform the following actions: This fake app tries to obtain the following permissions on a [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":4313,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"inline_featured_image":false,"footnotes":""},"categories":[29],"tags":[],"class_list":["post-4307","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-frauds"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/posts\/4307"}],"collection":[{"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/comments?post=4307"}],"version-history":[{"count":7,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/posts\/4307\/revisions"}],"predecessor-version":[{"id":4778,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/posts\/4307\/revisions\/4778"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/media\/4313"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/media?parent=4307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/categories?post=4307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.co.in\/knowledge-centre\/wp-json\/wp\/v2\/tags?post=4307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}