Hyderabad — A major cybersecurity breach has raised alarm across Telangana’s administrative and media ecosystem after multiple official WhatsApp groups—including those linked to cabinet ministers, senior bureaucrats, and journalists—were reportedly compromised.
Initial assessment suggests that the attack was carried out through a fake SBI Aadhaar update alert, which contained a malicious APK file disguised as a mandatory verification update.
Phishing Message Spread Systematically: “Aadhaar Verification Required – SBI Notice”
According to cyber intelligence sources, the hackers circulated a message mimicking an official banking notification. The message urged users to download an attached APK to avoid service disruption linked to Aadhaar–bank KYC timelines. Once installed, the malware reportedly granted attackers:
- Full access to WhatsApp and communication logs
- Ability to change WhatsApp group admin controls
- Access to stored SMS, contacts, and internal device permissions
- Potential access to stored OTPs and verification messages
The scope reportedly includes CMO staff groups, Deputy Chief Minister’s media communication channels, political WhatsApp broadcast lists, and multiple journalist networks.
Compromise Detected After Sudden Group Control Changes
The breach came to light after several users reported unusual activity, including:
- Automatic transfer of admin rights to unknown numbers
- Locked group messaging settings
- Unauthorized forwarding of messages
- New device login warnings and suspicious notifications
Screenshots and warning messages quickly circulated across social media platforms and internal networks, prompting immediate administrative concern.
Cyber Police Begin Technical Audit; Forensic Teams Deployed
The Telangana Cyber Crime Unit confirmed that a probe has been initiated. Digital forensic experts are now analyzing compromised devices and tracking the malware’s origin and distribution route. An investigator involved in the case said:
“APK-based infiltration is one of the most serious forms of breach because it grants full system-level permissions. This incident is being treated as a targeted cyberattack.”
Officials have not ruled out the possibility of data theft, state surveillance attempts, or testing for a larger coordinated attack.
Experts Warn of Pattern Matching Spear-Phishing Campaign
Cybersecurity analysts believe the methodology aligns with precision-targeted spear-phishing, designed not for random users but for individuals holding administrative, political or media influence. A senior cybersecurity researcher said:
“Government communication in India is deeply dependent on WhatsApp channels. Attacking such nodes is strategically significant and aligns with patterns seen in state-sponsored cyber operations worldwide.”
Advisory Issued: Users Asked to Follow Emergency Protocols
Authorities and cybersecurity experts have circulated precautionary measures urging users to:
- Avoid installing any APK files received through SMS, WhatsApp, or unknown links
- Enable Two-Step Verification (2FA) in WhatsApp settings
- Reset device access permissions and revoke unfamiliar login attempts
- Report suspicious activities to the national cyber helpline 1930 or the CERT-In portal
Users were also cautioned against forwarding bank- or Aadhaar-related links without verification.
Government Statement Expected; Situation Under Monitoring
Authorities are expected to release an official advisory and risk assessment report once the scale of compromise is fully mapped. Meanwhile, users, especially those linked to official communication infrastructure, have been urged to remain cautious and avoid interacting with unsolicited links or files.