Hyderabad: CloudSEK's Threat Research Team discovered a sophisticated scam targeting air travellers in India through a malicious Android app called 'Lounge Pass'. This application, once installed, secretly captures and forwards text messages from victims' devices to scammers, enabling various types of fraud and significant financial losses.
The research team used Open Source Intelligence (OSINT) investigation to identify multiple domains associated with the scam. They reverse-engineered the malicious APK and discovered that the scammers had accidentally exposed the Firebase endpoint they used for storing SMS messages intercepted from victims. Analysing the exposed data, the Threat Research Team found that between July and August 2024, around 450 travellers installed the malicious app, and that scammers stole over Rs 9 lakhs from their victims.
CloudSEK says that the amount represents only a portion of the total damages, as it covers only the documented cases linked to the exposed endpoint found in the SMS stealer code during the analysed time frame. The research team says that the APK was downloaded via the URL loungepass[.]in. Through domain analysis and passive DNS data, researchers identified several related domains spreading similar APKs, including loungepass[.]info and loungepass[.]online.
Tips to stay safe from the Lounge Pass scam
The research team also shared some safety tips to help users stay safe from the Lounge Pass scam, which include the following:
- Download lounge access apps only from trusted sources like the Google Play Store or Apple App Store
- Verify the app publisher's name matches the official company and check user feedback and download numbers
- Avoid scanning random QR codes at airports; confirm legitimacy with airport or lounge staff
- Never download apps via direct APK links that bypass official app stores
- Do not grant SMS permissions to lounge or travel apps; legitimate apps don't need SMS access
- Book lounge access through official channels like your bank, credit card benefits, or trusted partners
- Monitor your accounts regularly while travelling and enable banking alerts for transactions
- Review and remove permissions for any suspicious lounge-related apps you have installed
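
The tips on SMS permissions and on reviewing installed apps can be checked on a device. As an added example (not from CloudSEK's report), this Python script parses text shaped like `adb shell dumpsys package` output and flags apps that hold granted SMS permissions but were not installed from the Play Store. The sample dump, its package names and the trusted-installer list are constructed assumptions.

```python
import re

# Android permissions that let an app read or intercept text messages.
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
}
# Installers treated as official stores in this example (assumption; extend as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample, shaped like simplified `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
Package [com.example.loungeaccess] (1a2b3c):
    installerPackageName=null
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true
      android.permission.READ_SMS: granted=true
      android.permission.CAMERA: granted=false
Package [com.example.bankapp] (4d5e6f):
    installerPackageName=com.android.vending
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true
Package [com.example.notes] (7a8b9c):
    installerPackageName=com.google.android.packageinstaller
    runtime permissions:
      android.permission.CAMERA: granted=true
"""

def audit_sms_access(dump_text):
    """Return {package: granted SMS permissions} for apps not installed from a trusted store."""
    findings = {}
    package, installer, granted = None, None, set()

    def flush():
        # Record the package parsed so far if it is sideloaded and can read SMS.
        if package and granted and installer not in TRUSTED_INSTALLERS:
            findings[package] = sorted(granted)

    for line in dump_text.splitlines():
        line = line.strip()
        header = re.match(r"Package \[([^\]]+)\]", line)
        if header:
            flush()
            package, installer, granted = header.group(1), None, set()
        elif line.startswith("installerPackageName="):
            installer = line.split("=", 1)[1]
        else:
            perm = re.match(r"(\S+): granted=true", line)
            if perm and perm.group(1) in SMS_PERMISSIONS:
                granted.add(perm.group(1))
    flush()
    return findings
```

Calling `audit_sms_access(SAMPLE_DUMP)` reports only the sideloaded lounge app; the store-installed banking app with SMS access and the sideloaded notes app without it are not flagged.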