Top 10 Daily Cybercrime Brief by FCRF [02.08.2025]


The Top Ten cyber crime news summaries on The420 are meticulously curated by Future Crime Researchers from the Future Crime Research Foundation (FCRF) and powered by Algoritha Security Pvt. Ltd. These summaries feature the most critical cyber crime developments from around the world. Keep reading—and stay safe.

 

1. Lucknow City’s First Mobile Malware Cyber Fraud: Man Duped of ₹8 Lakh in App-Based Scam

A man lost ₹8 lakh after unknowingly installing malware through a fake mobile app. The malicious software captured his banking credentials and enabled unauthorized transactions. Police have warned the public about rising malware-based frauds, urging users to avoid clicking on unknown links or downloading apps outside official app stores.

2. Andhra Techie Loses ₹1.74 Crore in Fake Investment App Scam; Cybercrime Gang Busted

An Andhra Pradesh tech professional was defrauded of ₹1.74 crore by a gang running fake investment apps. Promised high returns, he was lured into repeated payments. Cyber police cracked the ring, arresting key members and recovering financial records used to funnel victim money across various digital wallets and bank accounts.

3. Nationwide Cybercrime Crackdown: Police Arrest 48 in Online Fraud Operations

In a coordinated national operation, authorities arrested 48 individuals involved in phishing, loan fraud, and investment scams. The crackdown aimed to dismantle widespread online fraud networks using fake websites and mule accounts. Seized evidence includes laptops, SIM cards, and forged IDs. Investigations are underway to trace additional beneficiaries and masterminds.

4. Repeat Incident: Another ₹8 Lakh Lost in City’s Rising Mobile Malware Scams

Another victim has lost ₹8 lakh in the city’s ongoing wave of mobile malware fraud. Attackers deployed malicious apps to siphon sensitive financial data. The recurrence of such cases signals an alarming trend. Cyber officials are reinforcing digital hygiene campaigns and working with telecom providers to identify the malware sources.

5. Cybercrime Power Couple Arrested in Bengal; Linked to 900 Fraud FIRs Across India

A husband-wife duo operating a nationwide cyber fraud syndicate was arrested in West Bengal. Authorities say they were connected to over 900 FIRs for scams ranging from fake customer support to digital arrest fraud. The couple used a web of mule accounts, call centers, and phishing tactics to dupe victims.

INTERNATIONAL

 

6. Multi-Layer Redirect Scheme Uncovered to Steal Microsoft 365 Login Credentials

Cybersecurity researchers discovered a sophisticated phishing method using multiple redirect layers to deceive Microsoft 365 users. This tactic masks malicious URLs behind seemingly legitimate links, bypassing detection tools. Once clicked, users are funneled into credential-harvesting sites. The campaign highlights the evolving nature of phishing and the need for vigilant email filtering.

7. ‘Secret Blizzard’ Malware Targets Moscow Embassies via ISP-Level AitM Attacks

The state-backed group Secret Blizzard is deploying malware through ISP-level adversary-in-the-middle (AitM) attacks, targeting embassies in Moscow. These advanced operations intercept encrypted communications at the network level, injecting spyware into embassy devices. Experts warn this signals an escalation in state surveillance capabilities and geopolitical cyber espionage strategies.

8. Storm-2603 Installs DNS-Backdoor in Ransomware Campaigns Tied to Warlock and LockBit

Storm-2603 is using a DNS-controlled backdoor to manage ransomware payloads linked to Warlock and LockBit. The malware lets attackers maintain stealthy access and receive updated instructions via DNS queries. This method avoids traditional command-and-control detection, enabling prolonged infiltration of enterprise systems across multiple industries.

9. AI-Generated npm Malware Package Drains Solana Crypto Wallets of 1,500+ Users

A malicious npm package generated using AI tools was used to drain Solana wallets of over 1,500 users. Disguised as a legitimate software dependency, it accessed users’ private keys upon installation. The attack showcases how generative AI is being exploited to create convincing, weaponized code in open-source environments.

10. Hackers Use Tycoon Kit and Fake OAuth Apps to Infiltrate Microsoft 365 Accounts

Hackers are using the Tycoon phishing kit and fraudulent OAuth apps to breach Microsoft 365 accounts. Victims unknowingly authorize rogue apps, giving attackers access to emails and cloud data. This approach bypasses password-based protections, emphasizing the need for app permission reviews and stricter access control in enterprise environments.


