#FactCheck - Bangladeshi Migrant’s Arrest Misrepresented as Indian in Viral Video!

Introduction

Over the past few months, cybercriminals have upped the ante with highly complex methods targeting innocent users. One such scam is a new one that exploits WhatsApp users in India and globally. A seemingly harmless picture message is the entry point to stealing money and data. Downloading seemingly harmless images via WhatsApp can unknowingly install malware on your smartphone. This malicious software can compromise your banking applications, steal passwords, and expose your personal identity. With such malware-laced instant messages now making headlines, it is advised for netizens to exercise extreme caution while handling media received on messaging platforms.

How Does the WhatsApp Photo Scam Work?

Cybercriminals began embedding malicious code in images being shared on WhatsApp. Here is how the attack typically works:

1.  The user receives a WhatsApp message from an unknown number with an image.
2. The image may appear harmless—a greeting, meme, or holiday card—but it's packed with hidden malware.
3. When the user taps to download the image, the malware gets installed on the phone in silent mode.
4. Once installed, the malware is able to capture keystrokes, read messages, swipe banking applications, swipe credentials, and even hijack device functionality.
5. Allegedly, in its advanced versions, it can exploit two-factor authentication (2FA) and make unauthorised transactions.

Who Is Being Targeted?

This scam targets both Android and iPhone users, with a focus on vulnerable groups like senior citizens, busy workers during peak seasons, and members of WhatsApp groups flooded with forwarded messages. Experts warn that a single careless click is enough to compromise an entire device.

What Can the Malware Do?

Upon installation, the malware grants hackers a terrifying level of access:

• Track user activity via keylogging or screen capture.
• Pilfer banking credentials and initiate fund transfers automatically.
• Obtain SMS or app-based 2FA codes, evading security layers.
• Clone identity information, such as Aadhaar details, digital wallets, and email access.
• Control device operations, including the camera and microphone.

This level of intrusion can result in not just financial loss but long-term digital impersonation or blackmail.

Safety Measures for WhatsApp Users

1. Never Download Media from Suspicious Numbers

Do not download any files or pictures, even if the content appears to be familiar, unless you have faith in the source. Spread this advice among family members, particularly the older generation.

2. Turn off Auto-Download in WhatsApp Settings

Navigate to Settings > Storage and Data > Media Auto-Download. Switch off auto-download for mobile data, Wi-Fi, and roaming.

3. Install and Update Mobile Security Apps

Ensure your phone is equipped with a good antivirus or mobile security app that is updated from time to time.

4. Block and Report Potential Scammers

WhatsApp offers the ability to block and report senders in a straightforward manner. This ensures that it notifies the platform and others as well.

5. Educate Your Community

Share your knowledge on cyber hygiene with family, friends, and colleagues. Many people fall victim simply because they aren't aware of the risks, staying informed and spreading the word can make a big difference.

Advisories and Response

The Indian Cybercrime Coordination Centre (I4C) and other state cyber cells have released several alerts on increasing fraud via messaging platforms. Law enforcement agencies are appealing to the public not only to be vigilant but also to report any incident at once through the National Cybercrime Reporting Portal (cybercrime.gov.in).

Conclusion

The WhatsApp photo scam is a stark reminder that not all dangers come with a warning. A picture can now be a Trojan horse, propagating silently from device to device and draining personal money. Do not engage with unwanted media, refresh and update your privacy and security settings. Cyber criminals survive on neglect and ignorance, but through digital hygiene and vigilance, we can fight against these types of emerging threats.

References

• https://www.opswat.com/blog/how-emerging-image-based-malware-attacks-threaten-enterprise-defenses
• https://www.indiatvnews.com/technology/news/whatsapp-photo-scam-alert-downloading-random-images-could-cost-you-big-2025-05-06-988855
• https://www.hindustantimes.com/india-news/what-is-the-whatsapp-image-scam-and-how-can-you-stay-safe-from-it-101744353412848.html
• https://faq.whatsapp.com/898107234497196/?helpref=uf_share
• https://www.welivesecurity.com/en/malware/malware-hiding-in-pictures-more-likely-than-you-think/
• https://faq.whatsapp.com/573786218075805
• https://www.reversinglabs.com/blog/malware-in-images

‍

Introduction

In an era expounded by rapid communications and live coverage of global affairs, users often encounter misinformation continuously, and it has emerged as a huge challenge. Misinformation is false or inaccurate information, believed to be true, and shared without any intention to deceive. On the other hand, disinformation refers to false information that is intended to mislead, especially with set propaganda. It steadily affects all aspects of life and can even lead to a profound impact on geopolitics, international relations, wars, etc. When modern media announces “breaking news,” it captures attention and keeps viewers engaged. In the rush for television rating points, information may be circulated without proper fact-checking. This urgency can result in the spread of unverified claims and the elevation of irrelevant details, while truly important issues are overlooked. Such practices can distort public understanding and impact strategic political decisions.

Misinformation and Fake News in Recent History

The phenomenon of misinformation is not limited to isolated incidents but has become a recurring feature of political events around the globe. This business has increasingly become visible in recent political history, where it has not only sensationalised the general public but also affected international relations and democratic outcomes. For example, during Slovakia’s elections in 2023, the country experienced a major surge of online misinformation. Over 365,000 misleading posts were posted on social media platforms, majorly influencing public opinion and leading to challenges for voters. A lot of this content was amplified by political leaders. The media's rush to deliver content sometimes makes it easier for false narratives to dominate the public sphere, shaping voter opinions and undermining informed political discourse.

Current Geopolitical Interference by Misinformation

In the recent Hamas-Israel conflict, manipulated images and unverified reports complicated diplomacy. Such campaigns distort facts, complicate humanitarian responses, and escalate conflicts. This growing trend shows how misinformation now acts as a weapon of war, exploiting media urgency and undermining international stability.

Indo–Pak Conflict Exaggeration

The India-Pakistan conflict is a long-dragged and complex issue in South Asia. It has been continuously dragged from traditional to contemporary media. But in recent tensions and war situations media raised serious concerns about misinformation. Live media coverage can sometimes mislead the public with speculative information. The live coverage continuously addressed it as breaking news and escalated excitement and fear, distorting the reality on the ground. Moreover, the real-time reporting of sensitive military activities like mock drills, blackouts, troop movements, air strikes, etc., interfered with strategic operations. Such reporting may lead to obstructing decision-making processes and placing operational missions at risk. Later Defence Ministry called it out in one of their X posts. Such media-driven exaggeration causes mass hysteria, and eventually, emotional and patriotic sentiments are evoked. 

Legal and Political Recommendations 

The intersection of media urgency and national security may have serious geopolitical repercussions if not managed with legal and ethical restrictions. International Frameworks like UNESCO‘s Guidelines for regulating Digital Platforms, 2023, and the Digital Services Act, 2022, regulate and govern digital platforms.

Despite the existence of international and national guidelines, there remains an urgent need to strengthen cyber laws by imposing strict penalties and compensation mechanisms for the dissemination of unverified information. Media outlets must also refrain from indiscriminately labelling every report as “breaking news.” Since the modern media deals in digital data, the protection of strategic state movements should be regulated with checks and balances. 

Ethical considerations should be maintained during the publication or streaming of any information. Media should have self-regulations to fact-check and publish only authorised and double-verified information. 

Given the borderless nature of the internet and the rapid, global spread of misinformation, international cooperation is imperative. Addressing the challenges posed by cross-border mis/disinformation requires a shared understanding and coordinated response among states at the global level.

References

• https://pam.int/wp-content/uploads/2024/10/EN-Background-paper-on-disinformation-and-fake-news-Jan-2024.pdf
• https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3172349
• https://www.unesco.org/sites/default/files/medias/fichiers/2023/04/draft2_guidelines_for_regulating_digital_platforms_en.pdf
• https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-services-act_en

‍

Overview:

After the blackout on July 19, 2024, which affected CrowdStrike’s services worldwide, cybercriminals began to launch many phishing attacks and distribute malware. These activities mainly affect CrowdStrike customers, using the confusion as a way to extort information through fake support sites. The analysis carried out by the Research Wing of CyberPeace and Autobot Infosec has identified several phishing links and malicious campaigns.

The Exploitation:

Cyber adversaries have registered domains that are similar to CrowdStrike’s brand and have opened fake accounts on social media platforms. These are fake platforms that are employed to defraud users into surrendering their personal and sensitive details for use in other fraudulent activities.

Phishing Campaign Links:

• crowdstrike-helpdesk[.]com
• crowdstrikebluescreen[.]com
• crowdstrike-bsod[.]com
• crowdstrikedown[.]site
• crowdstrike0day[.]com
• crowdstrikedoomsday[.]com
• crowdstrikefix[.]com
• crashstrike[.]com
• crowdstriketoken[.]com
• fix-crowdstrike-bsod[.]com
• bsodsm8r[.]xamzgjedu[.]com
• crowdstrikebsodfix[.]blob[.]core[.]windows[.]net
• crowdstrikecommuication[.]app
• fix-crowdstrike-apocalypse[.]com
• supportportal-crowdstrike-com[.]translate[.]goog
• crowdstrike-cloudtrail-storage-bb-126d5e[.]s3[.]us-west-1[.]amazonaws[.]com
• crowdstrikeoutage[.]info
• clownstrike[.]co[.]uk
• crowdstrikebsod[.]com
• whatiscrowdstrike[.]com
• clownstrike[.]co
• microsoftcrowdstrike[.]com
• crowdfalcon-immed-update[.]com
• crowdstuck[.]org
• failstrike[.]com
• winsstrike[.]com
• crowdpass[.]com

In one case, a PDF file is being circulated with CrowdStrike branding, saying ‘Download The Updater,’ which is a link to a ZIP file. The ZIP file is a compressed file that has an executable file with a virus. This is a clear sign that the hackers are out to take advantage of the current situation by releasing the malware as an update.

‍

‍

‍

In another case, there is a malicious Microsoft Word document that is currently being shared, which claims to offer a solution on how to deal with this CrowdStrike BSOD bug. But there is a hidden risk in the document. When users follow the instructions and enable the embedded macro, it triggers the download of an information-stealing malware from a remote host. This is a form of malware that is used to steal information and is not well recognized by most security software. Also it sends the stolen data to the samesame remote host but with different port number, which likey works as the CnC server for the campaign.

• Name New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows[.]docm
• MD5 dd2100dfa067caae416b885637adc4ef
• SHA-1 499f8881f4927e7b4a1a0448f62c60741ea6d44b
• SHA-256 803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61
  
• URLS http://172.104.160[.]126:8099/payload2.txt, http://172.104.160[.]126:5000/Uploadss

‍

Recent Outage Impact:

On July 19, 2024, CrowdStrike faced a global outage that originated from an update of its Falcon Sensor security software. This outage affected many government organizations and companies in different industries, such as finance, media, and telecommunications. The event led to numerous complaints from the users who experienced problems like blue screen of death and system failure. Although, CrowdStrike has admitted to the problem and is in the process of fixing it. 

Preventive Measures:

• Organize regular awareness sessions to educate the employees about the phishing techniques and how they can avoid the phishing scams, emails, links, and websites.
• MFA should be used for login to the sensitive accounts and systems for an improvement on the security levels.
• Make sure all security applications including the antivirus and anti-malware are up to date to help in the detection of phishing scams.
• This includes putting in place of measures such as alert on account activity or login patterns to facilitate early detection of phishing attempts.
• Encourage employees and users to inform the IT department as soon as they have any suspicions regarding phishing attempts.

Conclusion:

The recent CrowdStrike outage is a perfect example of how cybercriminals take advantage of the situation and user’s confusion and anxiety. Thus, people and organizations can keep themselves from these threats and maintain the confidentiality of their information by being cautious and adhering to the proper standards. To get the current information on the BSOD problem and the detailed instructions on its solution, visit CrowdStrike’s support center. Reported problems should be handled with caution and regular backup should be made to minimize the effects.

References:

• https://app.any.run/tasks/2c0ffc87-4059-4d6f-8306-1258cf33aa54/
• https://app.any.run/tasks/48e18e33-2007-49a8-aa60-d04c21e8fa11
• https://www.virustotal.com/gui/file/19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0/relations
• https://www.virustotal.com/gui/file/803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61/detection
• https://www.joesandbox.com/analysis/1478411#iocs

‍