Security News
An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites...
The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. India Today reports that there are at least 5,000 more held captive in Cambodia and forced to launch scams that have generated nearly $60,000,000 in the last six months.
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is...
The global government affairs team at X has suspended some accounts and posts in India after receiving executive orders to do so from the country's government, backed by threat of penalties including significant fines and imprisonment. The team revealed its actions on Thursday, writing "In compliance with the orders, we will withhold these accounts and posts in India alone; however, we disagree with these actions and maintain that freedom of expression should extend to these posts." X has appealed the order and notified impacted users.
The Reserve Bank of India announced on Thursday it would make its digital currency programmable, and ensure it can be exchanged when citizens are offline. Indian media report that governor Shaktikanta Das outlined scenarios for the programmable digital rupee, including allowing government agencies to ensure payments to citizens are only used for defined benefits.
India's government has granted its Computer Emergency Response Team, CERT-In, immunity from Right To Information requests - the nation's equivalent of the freedom of information queries in the US, UK, or Australia. Reasons for the exemption have not been explained, but The Register has reported on one case in which an RTI request embarrassed CERT-In. That case related to India's sudden decision, in April 2022, to require businesses of all sizes to report infosec incidents to CERT-in within six hours of detection.
Multiple top leaders of India's opposition parties and several journalists have received a notification from Apple, saying that "Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.". For India to uphold fundamental rights, authorities must initiate an immediate independent inquiry, implement a ban on the use of rights-abusing commercial spyware, and make a commitment to reform the country's surveillance laws.
China-based scammers are using a combination of fake loan apps and India's real-time mobile payment system, Unified Payments Interface, to separate victims from their cash, according to a report by threat intel firm CloudSEK. "UPI service providers currently operate without coverage under the Prevention of Money Laundering Act," explained [PDF] CloudSEK researchers, letting the scammers' exploit the platforms with relative ease. Chinese payment gateways ensure the authorities cannot pursue the scammers.
Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail...
India's Central Bureau of Investigation raided 76 locations in a nationwide crackdown on cybercrime operations behind tech support scams and cryptocurrency fraud. The police operation, part of Operation Chakra-II, aims to dismantle cyber-enabled financial crime rings and is a collaborative effort involving international law enforcement agencies and tech companies such as Microsoft and Amazon, working alongside the Indian federal enforcement agency.