In one of Himachal Pradesh’s biggest cyber frauds to date, ₹11.55 crore was siphoned from the State Cooperative Bank via a malware attack that exploited a customer’s account linked to the Chamba district branch. The case, involving remote access apps, server intrusion, and NEFT/RTGS laundering, has prompted a multi-agency investigation with nationwide implications.
Malware, Mobile Apps, and a Hijacked Account: How the Cyber Heist Unfolded
In a meticulously orchestrated cyberattack that has sent shockwaves through Himachal Pradesh’s financial institutions, cybercriminals stole ₹11.55 crore from a customer’s account at the Chamba-based Halti branch of the State Cooperative Bank. The theft, carried out on May 11 and 12, involved a malware breach on the bank’s servers, with funds swiftly routed to 20 different accounts via NEFT and RTGS transfers.
According to the FIR obtained by Aaj Tak, the fraudsters first convinced the victim to download a malicious mobile app named HimPaisa, which granted them remote access to the customer’s phone. From there, the attackers infiltrated the bank’s internet banking interface, initiating unauthorized transfers.
The breach was not a one-off phishing attempt, but a targeted malware operation, suggesting professional cybercriminal involvement. Once inside the system, the perpetrators simulated a loan disbursement, transferring funds into a shadow account, which was then quickly dispersed to various accounts to evade detection and maximize laundering efficiency.
Crisis at the Core: A Banking System Under Scrutiny
Following the revelation, the bank’s Chief Information Security Officer (CISO) lodged a formal complaint on May 16 at the Shimla Sadar Police Station. A Zero FIR was initially filed, and the case was escalated to the Cyber Police Station in Shimla, where a full-fledged investigation has begun.
DIG Cyber Crime Mohan Chawla, in a statement to the media, confirmed that special task forces have been formed in collaboration with CERT-In and IFORC, and Delhi-based digital forensic teams are also involved.
He emphasized that the FIR has been registered under BNS Section 318(4) and Section 66D of the IT Act, covering identity fraud and cyber deception. The scale of the operation has sparked not just a criminal investigation, but a broader security audit of the State Cooperative Bank’s infrastructure and response readiness.
Authorities are probing whether there was any insider complicity, and are examining firewall integrity, weekend staffing protocols, transaction log maintenance, and the update cycles of critical cybersecurity tools.
Beyond Himachal: National Teams Join Search for Masterminds
This attack is not being treated as an isolated local breach. Central cybersecurity teams are now investigating whether this heist is part of a wider syndicate that may have tested vulnerabilities across multiple government-run banks.
“There are questions we must ask not just about the hackers, but about preparedness and awareness among bank personnel,” a CERT-In official told the media. “Was staff trained to detect suspicious login behavior? Were server logs monitored in real time? Were alerts raised but ignored?”
The stolen funds, now scattered across multiple bank accounts, are being tracked, but the laundering networks involved may extend beyond state or national boundaries, investigators fear.
