Fake Tax Emails Used to Target Indian Users in New Malware Campaign

 


A newly identified cyberattack campaign is actively exploiting trust in India’s tax system to infect computers with advanced malware designed for long-term surveillance and data theft. The operation relies on carefully crafted phishing emails that impersonate official tax communications and has been assessed as potentially espionage-driven, though no specific hacking group has been confirmed.

The attack begins with emails that appear to originate from the Income Tax Department of India. These messages typically warn recipients about penalties, compliance issues, or document verification, creating urgency and fear. Victims are instructed to open an attached compressed file, believing it to be an official notice.

Once opened, the attachment initiates a hidden infection process. Although the archive contains several components, only one file is visible to the user. This file is disguised as a legitimate inspection or review document. When executed, it quietly loads a concealed malicious system file that operates without the user’s awareness.

This hidden component performs checks to ensure it is not being examined by security analysts and then connects to an external server to download additional malicious code. The next stage exploits a Windows system mechanism to gain administrative privileges without triggering standard security prompts, allowing the attackers deeper control over the system.

To further avoid detection, the malware alters how it identifies itself within the operating system, making it appear as a normal Windows process. This camouflage helps it blend into everyday system activity.

The attackers then deploy another installer that adapts its behavior based on the victim’s security setup. If a widely used antivirus program is detected, the malware does not shut it down. Instead, it simulates user actions, such as mouse movements, to quietly instruct the antivirus to ignore specific malicious files. This allows the attack to proceed while the security software remains active, reducing suspicion.

At the core of the operation is a modified banking-focused malware strain known for targeting organizations across multiple countries. Alongside it, attackers install a legitimate enterprise management tool originally designed for system administration. In this campaign, the software is misused to remotely control infected machines, monitor user behavior, and manage stolen data centrally.

Supporting files are also deployed to strengthen control. These include automated scripts that change folder permissions, adjust user access rights, clean traces of activity, and enable detailed logging. A coordinating program manages these functions to ensure the attackers maintain persistent access.

Researchers note that the campaign combines deception, privilege escalation, stealth execution, and abuse of trusted software, reflecting a high level of technical sophistication and clear intent to maintain prolonged visibility into compromised systems.

Google Launches Emergency Location Services in India for Android Devices


Google starts emergency location service in India

Google recently announced the launch of its Emergency Location Service (ELS) in India for compatible Android smartphones. It means that users who are in an emergency can call or contact emergency service providers like police, firefighters, and healthcare professionals. ELS can share the user's accurate location immediately. 

Uttar Pradesh (UP) in India has become the first state to operationalise ELS for Android devices. Earlier, ELS was rolled out to devices having Android 6 or newer versions. For integration, however, ELS will require state authorities to connect it with their services for activation. 

More about ELS

According to Google, the ELS function on Android handsets has been activated in India. The built-in emergency service will enable Android users to communicate their location by call or SMS in order to receive assistance from emergency service providers, such as firefighters, police, and medical personnel. 

ELS on Android collects information from the device's GPS, Wi-Fi, and cellular networks in order to pinpoint the user's exact location, with an accuracy of up to 50 meters.

Implementation details

However, local wireless and emergency infrastructure operators must enable support for the ELS capability. The first state in India to "fully" operationalize the service for Android devices is Uttar Pradesh. 

ELS assistance has been integrated with the emergency number 112 by the state police in partnership with Pert Telecom Solutions. It is a free service that monitors a user's position only when an Android phone dials 112. 

Google added that all suitable handsets running Android 6.0 and later versions now have access to the ELS functionality. 

The company claims that ELS on Android has enabled over 20 million calls and SMS messages to date, even when a call is dropped within seconds of being answered. ELS is supported by the Android Fused Location Provider, Google's machine learning tool.

Promising safety?

According to Google, the feature is only available to emergency service providers and it will never collect or share accurate location data for itself. The ELS data will be sent directly only to the concerned authority.

Recently, Google also launched the Emergency Live Video feature for Android devices. It lets users share their camera feed with the responder during an emergency via a call or SMS, but the emergency service provider has to get user approval for the access. The prompt is shown on screen immediately when the responder requests a video from their side. The user can accept the request and provide a visual feed, or reject it.

India's Fintech Will Focus More on AI & Compliance in 2026


India’s fintech industry enters 2026 with a new set of goals. The industry initially focused on rapid expansion through digital payments and aggressive customer acquisition, but the sector is now shifting towards sustainable growth, compliance, and risk management. 

“We're already seeing traditional boundaries blur- payments, lending, embedded finance, and banking capabilities are coming closer together as players look to build more integrated and efficient models. While payments continue to be powerful for driving access and engagement, long-term value will come from combining scale with operational efficiency across the financial stack,” said Ramki Gaddapati, Co-Founder, APAC CEO and Global CTO, Zeta.

Artificial intelligence (AI) is emerging as a critical tool in this transformation, helping firms strengthen fraud detection, streamline regulatory processes, and enhance customer trust.

What does the data suggest?

According to Reserve Bank of India (RBI) data, digital payment volumes crossed 180 billion transactions in FY25, powered largely by the Unified Payments Interface (UPI) and embedded payment systems across commerce, mobility, and lending platforms. 

Yet, regulators and industry leaders are increasingly concerned about operational risks and fraud. The RBI, along with the Bank for International Settlements (BIS), has highlighted vulnerabilities in digital payment ecosystems, urging fintechs to adopt stronger compliance frameworks.

AI a major focus

Artificial intelligence is set to play a central role in this compliance-first era. Fintech firms are deploying AI to:

Detect and prevent fraudulent transactions in real time  

Automate compliance reporting and monitoring  

Personalize customer experiences while maintaining data security  

Analyze risk patterns across lending and investment platforms  

Moving beyond payments?

The sector is also diversifying beyond payments. Fintechs are moving deeper into credit, wealth management, and banking-related services, areas that demand stricter oversight. This allows firms to capture new revenue streams and broaden their customer base, but it also exposes them to heightened regulatory scrutiny and the need for more robust governance structures.

“The DPDP Act is important because it protects personal data and builds trust. Without compliance, organisations face penalties, data breaches, customer loss, and reputational damage. Following the law improves credibility, strengthens security, and ensures responsible data handling for sustained business growth,” said Neha Abbad, co-founder, CyberSigma Consulting.




India Steps Up AI Adoption Across Governance and Public Services

 

India is making bold moves to embed artificial intelligence (AI) in governance, with ministries utilizing AI instruments to deliver better public services and boost operational efficiency. From weather prediction and disease diagnosis to automated court document translation and meeting transcription, AI is being adopted by industry verticals to streamline processes and service delivery. 

The Ministry of Science and Technology is also using AI in precipitation-based weather and climate forecasting, including the Advanced Dvorak Technique (AiDT) for estimating cyclone strength and hybrid AI models for weather forecasting. Further, MausamGPT, an AI-enabled chatbot, is being developed to deliver climate advisories to farmers and other stakeholders. 

Indian Railways has implemented AI to automate handover notes for incoming officers and to check kitchen cleanliness using sensor cameras. According to reports, the ministries are also testing the feasibility of using AI to transcribe long meetings, though the technology is still limited to process (not decision) orientation. Central public sector enterprises such as SAIL, NMDC and MOIL are leveraging AI in process and cost optimization, predictive analytics and anomaly detection.

Experts, including KPMG India’s Akhilesh Tuteja, recommend a whole-of-government approach to accelerate AI adoption and a transition from pilot projects to full-scale implementation by ministries and states. The India AI Governance Guidelines have been released by the Ministry of Electronics and IT (MeitY), constituting an AI governance group comprising major regulatory bodies to evolve standards, audit mechanisms and interoperable tools. 

The National Informatics Centre (NIC) has been a pioneer in offering AI as a service for central and state government ministries and departments. AI Satyapikaanan, the face verifier tool, is being used by the regional transport offices for driver's license renewals and by the Inter-operable Criminal Justice System for suspect identification. The Ministry of Panchayati Raj is backing rural governance through an AI-based geospatial analytics service known as Gram Manchitra.

AI is also making strides in healthcare and justice. The e-Sanjeevani telemedicine platform integrates a Clinical Decision Support System (CDSS) to enhance consultation quality and streamline patient data. AI solutions for diabetic retinopathy screening and abnormal chest X-ray classification have been implemented in multiple states, benefiting thousands of patients. 

In the judiciary, AI is being used to translate court judgments into vernacular languages using tools like AI Panini, which covers all 22 official Indic languages. Despite these advances, officials note that AI usage remains largely confined to non-critical functions, and there are limitations, especially regarding financial transactions and high-stakes decision-making.

India Witnesses Sharp Surge in Cybercrime, Fraud Dominates NCRB 2023 Report

 

Cybercrime in India has risen sharply, with NCRB data showing cases climbing from above 52,000 in 2021 to over 86,000 by 2023, led by fraud and online financial crime. Concurrently, threat intelligence shows that India is now a high-risk ransomware and dark-web ecosystem within the Asia-Pacific region. 

NCRB data and growth trend 

According to the report, NCRB’s “Crime in India” figures show an alarming and persistent increase in reported cybercrimes, from just above 52,000 cases in 2021 to beyond 86,000 cases by 2023, owing to increased digitization, online payments and use of mobile internet. This is a 31.2% year-on-year increase between 2022 and 2023 alone, and the country’s cybercrime rate has increased from 4.8 to 6.2 cases per lakh population. 

Fraud is the most prevalent motive, making up almost 69% of all cybercrime incidents in 2023, followed by sexual exploitation, and extortion, highlighting that attackers mainly prey on financial and personal vulnerabilities. States such as Karnataka, Telangana and Uttar Pradesh account for a large number of cases, reflecting higher IT penetration, urbanisation and digital adoption.

Ransomware and dark-web activity

Beyond the raw NCRB figures, the report places India on an Asia-Pacific threat map, drawing upon the Cyble Monthly Threat Landscape Report for July 2025 to show that India is still among the key targets for ransomware operators. It cited the Warlock ransomware group for targeting an India-based manufacturing firm, exfiltrating HR, financial, and design data, which was then used for extortion and exposure.

The report also notes dark‑web listings advertising unauthorized access to an Indian telecom network for around US$35,000, including credentials and critical operational details, highlighting the commoditization of network breaches. Regionally, Thailand, Japan, and Singapore each recorded six ransomware victims in the observed period, with India and the Philippines close behind, and manufacturing, government, and critical infrastructure sectors bearing the brunt of attacks. 

Additionally, South Asia is experiencing ideologically driven attacks, exemplified by the pro-India Team Pelican Hackers, which claimed breaches of major Pakistani research and academic institutions. These campaigns blur the line between classic cybercrime and geopolitical conflict, indicating that Indian networks face both profit-motivated and politically motivated breaches.

Multi-Crore Fake GST Registration Racket Busted Across 23 States

 

A sophisticated fake GST registration racket operating across 23 Indian states has resulted in a multi-crore tax evasion scam, exploiting weaknesses in the Goods and Services Tax (GST) system to generate fraudulent input tax credit (ITC) and evade government revenue on a large scale.

The modus operandi largely involves creating fake GST registrations using forged documentation, including bogus Aadhaar and PAN cards, to establish shell entities with no actual business operations. These entities then issue fabricated invoices and generate e-way bills for non-existent transactions, facilitating the fraudulent input tax credit claims across genuine and shell companies.

Regulatory authorities, including the Directorate General of GST Intelligence (DGGI), have uncovered several instances where syndicates employed layered transaction trails and fictitious suppliers to divert and siphon funds through systematic bogus invoicing. 

Major raids and investigations in cities such as Chennai and Belagavi have led to the arrest of key accused individuals, recovery of fake documents, freezing of bank accounts, and seizure of property documents linked to the scam. For example, one case in Belagavi revealed fake invoices totaling approximately ₹145 crore, leading to the arrest of an individual under the CGST Act.

This GST fraud network not only targets government revenue but also paves the way for large multinational firms to benefit from inflated ITC, according to Enforcement Directorate findings. This cross-border and multi-entity approach compounds the scale and complexity of investigations, with dummy entities being used to link bogus invoices and move money through multiple shell companies across several states.

In response, the government has intensified compliance drives and implemented reforms, such as biometric Aadhaar authentication for GST registration in select states and more stringent registration checks. Authorities warn that unsuspecting individuals could have their PAN and Aadhaar details misused for fake GST registrations, making vigilance essential for both businesses and citizens. 

The ongoing investigations continue to unravel the extent of the network, highlighting the need for robust digital authentication, proactive monitoring, and inter-agency coordination to tackle these sophisticated financial crimes.

India Moves to Mandate Labels on AI-Generated Content Across Social Media

India’s Ministry of Electronics and Information Technology has proposed new regulations that would make it compulsory for all social media platforms to clearly label artificial intelligence (AI)-generated or “synthetic” content. 

Under the draft amendment to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, users would be required to self-declare whether their uploaded posts contain AI-generated material. 

If users fail to disclose this, platforms themselves will need to proactively detect and tag such content. The labels must occupy at least 10% of the content’s visible area and would apply to all media formats, including text, video, audio, and images, not just photorealistic deepfakes.

“Deepfakes are harming society by misusing people’s likeness and spreading misinformation,” said IT Minister Ashwini Vaishnaw, stressing the need to help users distinguish between “synthetic” and “real” content online. 

Officials said the draft rules are intended to restore trust in digital information by ensuring that manipulated or computer-generated content is prominently tagged or embedded with unique metadata identifiers. 

The proposed amendment also defines synthetically generated information as content that is “artificially or algorithmically created, generated, modified, or altered using a computer resource in a way that it appears authentic or true.” 

This marks a policy shift from the government’s earlier position, which had maintained that existing laws against impersonation and misinformation were adequate. The latest proposal reflects growing public and parliamentary concern over the social and political impact of deepfakes and manipulated media. 

The Ministry has invited public and industry feedback on the draft amendment until November 6, 2025, with officials noting that major social platforms have acknowledged they already possess the technical tools to comply with such requirements.

Cybercrime Gang Busted for Massive Fake Welfare Portal Scam in India

 

A massive inter-state cybercrime syndicate targeting government welfare schemes in India was busted by police under an operation code-named “Shutterdown,” revealing one of the largest frauds of recent years involving over 36 arrests and millions siphoned off from government funds intended for farmers, pensioners, and low-income citizens.

The gang, which included government employees and technically skilled individuals, exploited structural vulnerabilities in official portals of welfare schemes such as PM Kisan Samman Nidhi, Social Security Pension, and various compensation programs.

Sophisticated modus operandi

The perpetrators manipulated government databases, using unauthorized IDs to activate fraudulent accounts and reroute OTPs to agents, ensuring transactions remained undetected during operational hours. 

Fake beneficiaries were created by purchasing bank account details and identity documents from ineligible persons, who were promised welfare funds in exchange for providing their credentials. Large sums were systematically withdrawn using forged identities and quick cash transactions, backed by real-time data manipulation on government digital platforms.

Scale and impact

Police investigations uncovered over 11,000 fake beneficiary accounts, with evidence of systematic syphoning through a web of financial activity stretching across districts such as Jodhpur, Kota, Bundi, Dausa, and beyond. The operation led to the seizure of more than ₹52 lakh in cash, luxury vehicles, hundreds of SIM cards, biometric devices, and documents linked to thousands of accounts.

Police credited the success of the crackdown to proactive citizen informants, technical surveillance, and coordination between state police and banking institutions, including immediate freezing of suspect accounts and deployment of forensic audit teams by leading banks.

Key masterminds and ongoing probe

The fraud’s mastermind, Ramavatar Saini, leveraged intimate knowledge of welfare portals to orchestrate the scam, aided by collaborators like Mohammad Laeeq (with access to nodal office systems) and Subhash (who sourced bulk data of ineligible beneficiaries). 

Additional suspects from multiple states remain at large, with police announcing rewards for their capture. The breakthrough is expected to spark reforms addressing high-tech vulnerabilities in digital welfare delivery platforms and improve coordination for inter-state financial crime investigations.

Authorities have emphasized the need for urgent technical upgrades to official systems and more robust verification protocols to prevent future cyber-enabled misuse of welfare funds. Public vigilance, rapid intelligence sharing, and cross-agency collaboration played a vital role in uncovering the racket and containing its financial fallout.