Lounge Pass scam exposed; experts warn travelers to stay vigilant at airports.
A concerning new scam involving the Lounge Pass app has come to light, with the app reportedly scamming travelers of large sums of money.
This cyber scam was exposed after a victim shared her experience on social media, revealing how she lost over Rs. 87,000.
Cybersecurity researchers have since verified the scam’s existence and explained its workings, prompting warnings to travelers.
Victim’s Alarming Experience at Kempegowda Airport
In a video on X (formerly Twitter), a victim recounted how the incident unfolded at Bengaluru’s Kempegowda International Airport on September 29.
Without her physical credit card, she showed a picture of it to lounge staff, who allegedly directed her to download the Lounge Pass app for access.
The victim reported being asked to share her screen and perform a face scan for “security reasons.”
In the following weeks, she encountered issues with her calls, noticing some calls were answered by a strange male voice.
Her suspicions were confirmed when her credit card bill showed a transaction of Rs. 87,125 to an unknown PhonePe account.
After discovering unauthorized changes in her phone’s settings, including activated call forwarding, she reported the matter to the cybercrime cell.
Cybersecurity Experts Investigate Lounge Pass Scam
CloudSEK’s Threat Research Team confirmed the app’s fraudulent nature following an open-source investigation.
The team discovered that the app, when installed, functions as an SMS-stealer capable of taking control of the victim’s device, including intercepting calls and OTPs. The researchers found an exposed Firebase endpoint used to collect victims’ SMS data, estimating that between July and August 2024, around 450 users installed the app, with losses amounting to over Rs. 9 lakh.
Precautionary Measures for Travelers
To prevent such scams, cybersecurity experts advise travelers to only download lounge apps from official sources like Google Play or the App Store. Travelers should avoid scanning random QR codes, be cautious with app permissions, and enable two-factor authentication for added security.