Indian cybersecurity researchers announced on Thursday that they had uncovered a deceptive campaign falsely posing as a Tata Motors offer, which was actually a ploy by hackers based in China to harvest user data.
The research arm of Cyber Peace Foundation, situated in New Delhi, received WhatsApp links promoting a gift supposedly from Tata Motors. These links were designed to gather user data, including browser and system information, along with cookie data.
The campaign masqueraded as a Tata Motors offer but was hosted on a third-party domain, deviating from Tata Motors’ official website, which raised suspicions, according to the research team.
When users accessed the links from devices like smartphones with WhatsApp installed, the site triggered the WhatsApp application to open, encouraging users to share the link.
The malicious site featured alluring prizes aimed at enticing unsuspecting individuals, using the title “Tata Motors Cars, celebrates sales exceeding 30 million.” When users landed on the page, a congratulatory message was displayed alongside an attractive image of a Tata Safari car. Users were prompted to take a brief survey to supposedly win a free TATA Safari vehicle.
A faux Facebook comment section appeared at the bottom of the page, containing comments purportedly from users attesting to the offer’s benefits.
Upon clicking the “OK” button, users were given three chances to win the prize. After using all the attempts, the site declared the user a winner of the “TATA SAFARI.”
Following this, users were instructed to share the campaign on WhatsApp by clicking the “OK” button. To proceed, users needed to click the WhatsApp button and then the green “Complete registration” button, which redirected them to various advertisement webpages, with the ads changing each time the button was clicked.
The researchers discovered that the cybercriminals used Cloudflare technologies to conceal the actual IP addresses behind the front-end domain names used in the fake Tata Motors campaign. However, over the course of the investigation, they identified a domain name linked to China.
Cyber Peace Foundation, alongside Autobot Infosec Private Limited, delved into the matter and concluded that these websites were involved in online fraud. The Foundation emphasized that the campaign posed as a Tata Motors offer but was hosted on an unofficial domain, adding to its suspicious nature.
Given the findings, the Foundation advised people to avoid opening such messages and to exercise caution when encountering them on social platforms.