400 criminals supplied malware by Telegram bot: Inside Gujarat’s major cyber crime network | #cybercrime | #infosec


Police said the purchase and distribution mechanism was deliberately designed to conceal the identities of both buyers and sellers. Cyber criminals purchasing APK files were allegedly instructed to make payments using SBI’s YONO Cash facility.

After receiving transaction details and OTP credentials, the accused would withdraw cash from ATMs, retain commissions and personally transfer the remaining money to the malware developer, thereby avoiding conventional banking trails.

Investigators also discovered that Sitaram Mandal allegedly supplied APK files to other cyber criminals while simultaneously arranging bank cards and financial accounts through which stolen funds could be routed and withdrawn.

The investigation further revealed how the malware operated once installed on a victim’s device. The APK files granted fraudsters remote access to mobile phones, enabling them to monitor SMS messages, intercept OTPs, access contacts, read notifications, track call logs and collect confidential banking information. Armed with this data, the accused allegedly logged into victims’ banking applications and transferred money directly from their accounts.

Police recovered multiple malicious APK files during searches of the accused persons’ devices. Several of these applications were found masquerading as services linked to banks, customer support platforms and financial institutions.

Investigators also seized technical evidence related to domains, servers, e-mail accounts and backend infrastructure allegedly used to run the cyber fraud operation.

One of the most alarming findings of the investigation was the malware’s self-propagating mechanism. Police said the APK files were not merely sent to individual victims. Once installed, the malware automatically forwarded itself to all WhatsApp and Telegram groups connected to the infected user’s device.

Every new victim unknowingly became a carrier, triggering a chain reaction that enabled the malicious application to spread rapidly across thousands and potentially lakhs of mobile phones within days.

“These cyber criminals operated a highly structured and systematic fraud network. They used fake utility alerts, KYC update messages, banking notifications and customer service communications to lure victims into downloading malware. Once access was gained, they stole banking credentials, intercepted OTPs and transferred money from victims’ accounts. The investigation has exposed an organised cyber ecosystem involving malware developers, distributors and financial facilitators,” officials associated with the investigation said.

Police believe the arrests have disrupted a major cyber fraud network, but investigators are continuing to probe additional suspects, financial trails and technical infrastructure linked to the operation.

Further arrests are expected as the investigation progresses.
