More than 450 passengers have lost over ₹9 lakh (around $11,000) through Lounge Pass, a fraudulent app that posed as a service to provide airport lounge access, according to a report by Hindustan Times.
The fake app, a unique and dangerous threat in the aviation sector, preys on travellers looking for airport lounge access.
It was circulated via WhatsApp messages, directing users to domains such as loungepass[.]in, loungepass[.]info, and loungepass[.]online, which were all linked to the scam.
Through the fake app, the scammers intercepted sensitive text messages, such as one-time passwords (OTPs), from victims' mobile phones, enabling them to steal money.
The scam was uncovered by CloudSEK's threat research team, as per the report.
The report, citing authorities, said this scam may be larger in scale, as several similar fake apps are circulating, and this deceptive strategy is rapidly gaining momentum.
The fraud came to light after a viral post on social media platform X (formerly Twitter) detailed how a traveller at the Bengaluru airport fell victim to the fraudulent app and lost over ₹87,000.
According to the HT report, over 450 unsuspecting travellers installed the fake "Lounge Pass" app on their Android smartphones between July and August 2024.
Once the fake "Lounge Pass" app is installed, it captures incoming SMS messages from the victim’s smartphone.
CloudSEK's threat research team discovered a technical flaw in the Lounge Pass app. The scammers had inadvertently exposed their Firebase server endpoint, where stolen SMS messages were stored. This allowed the investigators to analyse the scale of the scam and trace the stolen funds, said the HT report.
Anshuman Das, a CloudSEK researcher, said, "The fact that 450 travellers have already fallen victim and over INR 9 lakh have been stolen is deeply concerning. This is just one fraudulent app that we have found; the possibility of thousands of similar fake apps being in operation cannot be denied. It is critical that travellers remain cautious and only install apps from official sources."