Hyderabad police warn citizens of cyber-attack risks amid tensions with Pakistan

D. Kavitha, DCP (Cybercrimes) said the groups sympathetic with the enemy could use sophisticated tactics such as phishing emails, fake login pages, and malicious attachments to gain unauthorized access to sensitive information.

Hyderabad: The Hyderabad city police in wake of the escalating Indo-Pakistan conflicts have warned the citizens about risk of cyber-attacks, particularly from State sponsored advanced persistent threats known for targeting Indian government agencies, military personnel, and critical infrastructure.

D. Kavitha, DCP (Cybercrimes) said the groups sympathetic with the enemy could use sophisticated tactics such as phishing emails, fake login pages, and malicious attachments to gain unauthorized access to sensitive information.

The police had noticed a surge in malicious content spreading rapidly through WhatsApp, e-mail, and social media platforms with respect to the Indo-Pak conflict. The content includes deceptive videos, images,‘.exe/.apk’ files and phishing links disguised as news or updates related to the ongoing Indo-Pak conflict.

“The threat actors are exploiting heightened public interest and tension around the situation to target unsuspecting individuals with malware, fake news, and cyber scams. These cyber criminals are circulating malicious content under the pretext of exclusive updates, conflict-related visuals, or leaked footage, with many of these materials carrying malware, spyware, or links to phishing websites,” said Kavitha.

The content can be in the form of links or even photographs sent from unknown numbers or forwarded in WhatsApp, Telegram or any other social media groups.

How the Cyber Attack surface:

The malicious .apk file, .exe file and the video files/links shared in

WhatsApp/emails/other social media platforms are being used as disguising malware as videos or images titled ‘Dance of the Hillary’, “Army_Job_Application_Form.pdf” and executable file ‘tasksche.exe’

Embedding phishing links in messages that appear to come from trusted sources or groups to steal personal data through phishing websites designed to look like legitimate news or government sources.

Spreading APK (Android Package) files labeled as apps or tools(e.g., “live war updates app”), which once installed, steal data, access device files, or lock phones with ransomware and demands payment.

Once these malicious links/ image/ .exe/ .apk files are downloaded, a malware is installed in the device which can result in compromising the device, hacking of bank accounts or social media accounts etc.

Advisory for WhatsApp and Social Media:

• Never open unknown video or image files, even if forwarded by someone you trust

• Never forward such messages / files to anyone or to any group

• Avoid installing APK files sent via messaging apps. Only install apps from Google Play Store or official app stores

• Do not click on forwarded links claiming to show conflict updates or sensitive footage

• Exit, report and delete suspicious WhatsApp groups sharing inflammatory or unverified content.

Enhanced security setup in WhatsApp:

• In WhatsApp settings -> Storage and data ->disable Media Auto Download for all such as Photos, Audio, Videos and Documents

• Enable 2 Step Verification in WhatsApp Account setting to avoid account hack

• Report any malicious messages or group activity directly to WhatsApp or report in cybercrime.gov.in

For Email Users:

• Do not open emails from unknown senders, especially those with urgent subject lines related to Indo-Pak conflict

• Avoid downloading attachments or clicking on links in unsolicited emails

• Check the email address carefully. Phishing emails often mimic legitimate organizations

• Enable 2-factor authentication (2FA) on all accounts

General Cyber Hygiene:

• For following the updates on the Indo-Pakistan conflict, only use verified news channels and social media handles

• Fact checkers can be used to avoid forwarding or downloading sensitive fake news

• Be wary of messages or posts claiming to show sensitive or exclusive news

• Never download or click on links shared via social media without verification

• Regularly back up important data on external or cloud storage

• Update your antivirus and mobile security software regularly

• Avoid sharing unverified content, especially during sensitive geopolitical events

• Verify information through official government websites and official handles.

Reporting:

• Dial Helpline number 1930 or register your complaint at www.cybercrime.gov.in

• Remain vigilant, report suspicious content