UPI Users on Alert: ‘Digital Lutera’ Toolkit Used in Telegram Groups to Steal Money, Says CloudSEK
Attackers manipulate system-level functions to intercept registration messages sent to banks and capture one-time passwords.
Cybercriminals are using a sophisticated toolkit to bypass security checks in India’s digital payment ecosystem and take control of users’ Unified Payments Interface (UPI) accounts, according to a report by cybersecurity firm CloudSEK.
The toolkit, referred to as “Digital Lutera,” is reportedly being shared and discussed on several groups on the messaging platform Telegram. Researchers identified at least 20 active groups with more than 100 members each where the tool is circulated and used for financial fraud.
CloudSEK said an analysis of one such group indicated that fraudulent transactions worth around Rs 25–30 lakh were carried out within just two days, highlighting how quickly the method is spreading.
The attack typically begins when users unknowingly install a malicious Android application disguised as a routine notification, such as a traffic challan message or a wedding invitation. Once installed, the malware gains access to the phone’s messages.
With this access, attackers manipulate system-level functions to intercept registration messages sent to banks and capture one-time passwords (OTPs). These details are then forwarded to Telegram groups controlled by the fraudsters.
The report said this technique weakens traditional safeguards like SIM-binding and signature verification used in UPI applications.
CloudSEK said it has alerted regulators and financial institutions, including the National Payments Corporation of India, so preventive measures can be taken.