A sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal credentials and carry out large-scale financial fraud.
The operation combines phishing, malware, and surveillance capabilities. It is being distributed via malicious APKs hosted on GitHub and clusters of phishing domains that run fake challan and ₹1 verification workflows.
The campaign is financially motivated and professionally engineered, using a multi-stage, native-backed Android Remote Access Trojan (RAT) that abuses advanced obfuscation, dynamic code loading, and persistent background execution to evade detection and maintain long-term control over infected devices.
https://gbhackers.com/android-users-2/