Source:
Sample: virustotal.com/gui/file/8a87c…
20 Rs extra if you install the Android app. The app was SMS Spam Trojan. (3/8)
Distributed link: codebeta[.]in/Free350Paytm-2.00.apk
VT(2/62): virustotal.com/gui/file/6eed0…
Domain(codebeta[.]in) is registered to: "hemantpr72@gmail.com"
FB page that refers to domain: facebook.com/pages/category… (5/8)
Goal of the apps: SMS Worm/SMS Spam Trojan
All evidence demonstrate that malware developer is most likely from India.
Attacker quickly switched from "get free 350 Rupees" to "get Corona Safety Mask" themed scam to exploit Coronavirus situation.