A serving Thane police officer fell victim to a malicious WhatsApp PDF file, resulting in the loss of ₹6.01 lakh across 16 separate transactions. Shockingly, the cybercriminal managed to bypass the officer’s daily debit limit of ₹1 lakh, highlighting potential flaws in banking security measures.
Malicious File Breaches Officer’s Bank Despite Limits
The victim, identified as S.B. Tadvi, who is posted at the Shivaji Nagar police station, received a random WhatsApp message on May 31. A PDF file downloaded automatically and disappeared from his device shortly after. Within hours, Tadvi received multiple alerts indicating that ₹6.01 lakh had been transferred from his account to another, despite his strict daily withdrawal cap of ₹1 lakh.
He immediately filed a complaint via the Thane cybercrime helpline. Investigators are currently focused on how the malware embedded in the PDF was able to circumvent both the phone’s operating system and the bank’s debit limit protections.
Cyber Unit Launches Probe into Debit Limit Breach
The police registered the case under Section 66D of the Information Technology Act, which pertains to cheating through computer resources. As part of the investigation, forensic experts are analysing the document’s code to understand how the breach occurred.
Initial investigations suggest that the PDF may have contained stealthy banking malware or trojan-style code that intercepted banking credentials, manipulated SMS alerts, or conducted unauthorized transactions without detection. Investigators are also looking into whether similar malware variants are being used in parallel cases targeting both civilians and officials.
Next Steps Recommended by Cybercrime Authorities:
- Validate all attachments, even from unknown sources.
- Enable robust endpoint protection and regular mobile security scans.
- Promptly report any suspicious financial alerts to your bank and cyber helpline.
Thane’s cyber unit continues to trace the transactions, hoping to block the receiving accounts and recover the stolen funds. Further arrests may follow as the investigation widens.
About the Author – Anirudh Mittal is a B.Sc. LL.B. (Hons.) student at National Forensic Sciences University, Gandhinagar, with a keen interest in corporate law and tech-driven legal change.