
SikkahBot Malware Defrauds Students Through Fake Scholarship Apps
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
A new Android malware campaign called SikkahBot is targeting students in Bangladesh, posing as official apps from the Bangladesh Education Board.
In a rush? Here are the quick facts:
- Malware collects personal details, banking info, and wallet PINs.
- It abuses Accessibility Service and intercepts SMS for automated fraud.
- Active since July 2024, variants remain largely undetected online.
The malware has been active since July 2024, using scholarship promises to deceive users and steal their financial and personal details.
Cyble Research and Intelligence Labs (CRIL) reported that SikkahBot spreads through short links that redirect to malicious APK download sites, likely sent via SMS phishing attacks.
Once installed, the application requires students to enter personal information, including their name, department, and institute details, as well as payment information such as account numbers and PINs.
The malware collects this data before requesting high-risk permissions, such as Accessibility Service, SMS access, call management, and overlay permissions, giving attackers complete control of the devices.
The malware intercepts bank-related SMS messages, uses autofill functions in bKash, Nagad, and Dutch-Bangla Bank apps, and performs automated USSD-based transactions.
According to CRIL, “The combination of phishing, automated banking activity, and offline USSD exploitation makes it a highly effective tool for financial fraud against unsuspecting students.”
CRIL reports that SikkahBot remains largely undetected on VirusTotal. Additionally, its new versions include advanced automation features, indicating that the attackers continue to develop the malware. CRIL has identified over 10 active malware samples linked to this campaign.
To protect themselves, CRIL advises students to download apps only from authorized stores, avoid suspicious links, grant dangerous permissions only when necessary, use two-factor authentication on banking apps, and report any suspicious activity to their bank immediately. Installing mobile security software and keeping devices updated are also necessary protection measures.
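A defender-side triage check for the permission combination described above, as an added example that is not from CRIL or the original article: it reads a decoded AndroidManifest.xml (for example, as produced by apktool) and flags apps that declare an Accessibility Service alongside SMS, call, and overlay permissions. The mapping to concrete Android permission names, the function names, the threshold, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Assumed mapping of the article's capability list to Android permission names.
RISK_GROUPS = {
    "sms": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
            "android.permission.SEND_SMS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.ANSWER_PHONE_CALLS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
}

def triage_manifest(xml_text):
    """Return {capability: evidence} for each risky capability the manifest declares."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    hits = {group: sorted(requested & perms)
            for group, perms in RISK_GROUPS.items() if requested & perms}
    # An Accessibility Service is declared as a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    services = [s.get(ANDROID_NS + "name") for s in root.iter("service")
                if s.get(ANDROID_NS + "permission") == BIND_A11Y]
    if services:
        hits["accessibility"] = services
    return hits

def is_high_risk(hits, threshold=3):
    """Flag only when Accessibility is combined with other risky capabilities."""
    return "accessibility" in hits and len(hits) >= threshold

# Constructed sample: a "scholarship" app declaring the full combination.
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.scholarship">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: an app with a single unrelated permission.
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        hits = triage_manifest(manifest)
        print(label, is_high_risk(hits), hits)
```

A flag from this check is a prompt for manual review, since legitimate apps such as screen readers or SMS clients declare some of these capabilities individually.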

Age-Verification Laws Push Users To Unregulated Online Sites
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
The new age verification rules have pushed users to visit noncompliant websites that put their privacy at risk.
In a rush? Here are the quick facts:
- Sites ignoring the law see doubled or tripled user visits.
- U.S. has 25 states with similar age-verification laws.
- Compliance costs can reach millions per day for adult websites.
The United Kingdom’s Online Safety Act, which became effective last month, resulted in a complete collapse in website traffic for all adult content sites that followed the new regulations.
The websites that did not follow the law recorded a massive increase in traffic. A Washington Post analysis reports that some of the websites that defied the rules doubled or tripled their audiences compared to last year.
The shift illustrates a paradox. The law “suppresses traffic to compliant platforms while driving users to sites without age verification,” said John Scott-Railton, a researcher at the University of Toronto’s Citizen Lab, as reported by the Post. “The more the government squeezes, the more they reward the very sites that scoff at their rules,” he added.
Supporters argue the rules are vital to protect children. “Clicking a box that says ‘Yes, I am 18’ is not gonna prevent a 15-year-old boy from going on that website,” said Ohio state Rep. Steve Demetriou, as reported by the Post.
But critics say the system creates privacy risks since users must give commercial platforms access to their personal documents and facial data.
The Post notes that since 2022, the United States has witnessed at least 25 states implementing these types of regulations. The Supreme Court upheld Texas’s age-check requirement after Justice Clarence Thomas stated that the law’s impact on free speech is “incidental.”
The costs of compliance are also high. Pornhub could face fines of $13 million a day, one judge said, as reported by the Post. The burden of moderation falls heavily on smaller sites, including community message boards, according to their statements, although some platforms have chosen to shut down access completely.
The platforms must deal with legal penalties while defending themselves in court, and users are increasingly using VPNs to bypass restrictions. As Scott-Railton said to the Post, the result so far is “a textbook illustration of the law of unintended consequences.”