A sophisticated new scam targeting travelers seeking airport lounge access has emerged, with over 450 passengers losing a combined ₹9 lakh (around $11,000) to a fraudulent app named ‘Lounge Pass’. The app, a dangerous threat in the aviation sector, has been circulating via WhatsApp messages, directing users to domains like loungepass[.]in, loungepass[.]info, and loungepass[.]online, all linked to the scam.
The fake ‘Lounge Pass’ app, once installed on an Android smartphone, secretly intercepts incoming SMS messages, including crucial One-Time Passwords (OTPs) used for online transactions and account verification. This stealthy data capture allows the scammers to access sensitive information and steal money from victims.
The scam was uncovered by CloudSEK’s threat research team, which discovered a technical flaw in the app. The scammers unintentionally exposed their Firebase server endpoint, the location where stolen SMS messages were stored. This exposed the scale of the scam and allowed investigators to trace the stolen funds.
The investigation revealed that over 450 unsuspecting travelers fell victim to the fraudulent app between July and August 2024. The scam came to light after a viral post on X (formerly Twitter) detailed how a traveler at Bengaluru airport lost over ₹87,000 after falling prey to the fake app.
Authorities warn that the ‘Lounge Pass’ scam might be just the tip of the iceberg, with numerous similar fake apps circulating and this deceptive strategy rapidly gaining traction.
Anshuman Das, a CloudSEK researcher, stated, “The fact that 450 travellers have already fallen victim and over INR 9 lakh have been stolen is deeply concerning. This is just one fraudulent app that we have found; the possibility of thousands of similar fake apps being in operation cannot be denied. It is critical that travellers remain cautious and only install apps from official sources.”
This alarming incident highlights the growing sophistication of cybercrime and emphasizes the importance of digital vigilance, particularly in the travel industry. Travelers are advised to exercise extreme caution when downloading apps and avoid falling prey to seemingly attractive offers, especially those disseminated through unofficial channels like WhatsApp.