1. 85-year-old duped of 5.3L in cyber fraud
An 85-year-old retired professor from Rajendra Nagar lost Rs 5.36 lakh to cybercriminals posing as bank customer care executives. They tricked him into downloading a malicious APK file under the guise of updating credit card KYC. The file gave them access to his phone. Police have launched an investigation.
2. Chandigarh Man Duped of Rs 1.08 Crore in Online Trading Scam
A Chandigarh resident lost Rs 1.08 crore in an online trading scam after being lured with promises of high returns. Over 500 cyber fraud cases were reported in the city last year. Police warn against fake trading apps and urge victims to call the cyber helpline 1930 for immediate help.
3. Pune: 70-Year-Old Woman Loses Rs 2.57 Crore to Cyber Fraudsters
A 70-year-old Pune widow lost Rs 2.57 crore to cyber fraudsters posing as ED and Maharashtra Police officials. Claiming her account was linked to a money laundering case, they pressured her into transferring money and isolated her through "digital arrest" tactics. Believing them, she made 74 transfers over 20 days.
4. Karnataka: Elderly Couple Ends Life After Rs 50 Lakh Cyber Scam Loss
An elderly couple in Karnataka’s Belagavi died by suicide after losing over Rs 50 lakh to cyber fraudsters posing as Delhi Crime Branch officials. The scammers accused them of criminal involvement and extorted money through threats. A suicide note revealed their despair. Police have launched a detailed investigation into the case.
5. Tinsukia: Assam Police Dismantle Cyber Fraud Gang, Arrest Eight
Tinsukia Police arrested eight cyber criminals during a raid in Tamulbari, uncovering a call centre linked to online betting and financial fraud. Four suspects were from Tinsukia and four from Chhattisgarh. Police seized mobile phones, laptops, tablets, over 130 ATM cards, and 50+ bank passbooks. Investigation is ongoing.
INTERNATIONAL
6. New Android Trojan ‘Crocodilus’ Exploits Accessibility Features to Steal Banking and Crypto Data
Researchers have uncovered a new Android banking malware, Crocodilus, targeting users in Spain and Turkey. Disguised as Google Chrome, it exploits accessibility services to steal banking and crypto credentials. Equipped with remote control, black screen overlays, and data harvesting, it poses a serious threat with advanced device takeover and fraud capabilities.
7. BlackLock Ransomware Unmasked After Researchers Breach Leak Site Vulnerability
Threat hunters exploited a flaw in BlackLock ransomware’s leak site, exposing its infrastructure, operations, and affiliates. Resecurity found a local file inclusion (LFI) bug revealing commands, credentials, and links to cloud storage. The breach defaced BlackLock’s site and raised speculation of a takeover by rival group DragonForce. Investigation continues.
8. Researchers Discover 46 Critical Vulnerabilities in Solar Inverters by Sungrow, Growatt, and SMA
Researchers uncovered 46 critical flaws in solar inverters from Sungrow, Growatt, and SMA, allowing remote code execution, device takeover, and data theft. Dubbed SUN:DOWN, the vulnerabilities threaten power grid stability. Vendors patched the flaws, but experts warn of potential botnet attacks and urge stricter security for solar infrastructure.
9. CoffeeLoader Malware Deploys GPU-Based Packing to Bypass EDR and Antivirus
Researchers have uncovered CoffeeLoader, a stealthy malware that downloads second-stage payloads while evading antivirus tools using GPU-based packing, call stack spoofing, and sleep obfuscation. Mimicking ASUS’s Armoury Crate, it establishes persistence and contacts a C2 server to deploy further malware. CoffeeLoader may be linked to the known SmokeLoader family.
10. PJobRAT Malware Targets Taiwanese Users Through Fake Messaging Apps
PJobRAT, an Android malware previously used against Indian military targets, resurfaced in a campaign targeting Taiwanese users via fake chat apps. Active since 2019, the malware steals personal data and runs shell commands. It now uses Firebase Cloud Messaging for control. The campaign ended in late 2024 after two years.
