#FactCheck - Viral Claim of Highway in J&K Proven Misleading

Introduction

As we delve deeper into the intricate, almost esoteric digital landscape of the 21st century, we are confronted by a new and troubling phenomenon that threatens the very bastions of our personal security. This is not a mere subplot in some dystopian novel but a harsh and palatable reality firmly rooted in today's technologically driven society. We must grapple with the consequences of the alarming evolution of cyber threats, particularly the sophisticated use of artificial intelligence in creating face swaps—a technique now cleverly harnessed by nefarious actors to undermine the bedrock of biometric security systems.

What is GoldPickaxe?

It was amidst the hum of countless servers and data centers that the term 'GoldPickaxe' began to echo, sending shivers down the spines of cybersecurity experts. Originating from the intricate web spun by a group of Chinese hackers as reported in Dark Reading. GoldPickaxe represents the latest in a long lineage of digital predators. It is an astute embodiment of the disguise, blending into the digital environment as a seemingly harmless government service app. But behind its innocuous facade, it bears the intent to ensnare and deceive, with the elderly demographic being especially susceptible to its trap.  

Victims, unassuming and trustful, are cajoled into revealing their most sensitive information: phone numbers, private details, and, most alarmingly, their facial data. These virtual reflections, intended to be the safeguard of one's digital persona, are snatched away and misused in a perilous transformation. The attackers harness such biometric data, feeding it into the arcane furnaces of deepfake technology, wherein AI face-swapping crafts eerily accurate and deceptive facsimiles. These digital doppelgängers become the master keys, effortlessly bypassing the sentinel eyes of facial recognition systems that lock the vaults of Southeast Asia's financial institutions.

Through the diligent and unyielding work of the research team at Group-IB, the trajectory of one victim's harrowing ordeal—a Vietnamese individual pilfered of a life-altering $40,000—sheds light on the severity of this technological betrayal. The advancements in deep face technology, once seen as a marvel of AI, now present a clear and present danger, outpacing the mechanisms meant to deter unauthorized access, and leaving the unenlightened multitude unaware and exposed.

Adding weight to the discussion, experts, a potentate in biometric technology, commented with a somber tone: 'This is why we see face swaps as a tool of choice for hackers. It gives the threat actor this incredible level of power and control.' This chilling testament to the potency of digital fraudulence further emphasizes that even seemingly impregnable ecosystems, such as that of Apple’s, are not beyond the reach of these relentless invaders.

New Threat

Emerging from this landscape is the doppelgänger of GoldPickaxe specifically tailored for the iOS landscape—GoldDigger's mutation into GoldPickaxe for Apple's hallowed platform is nothing short of a wake-up call. It engenders not just a single threat but an evolving suite of menaces, including its uncanny offspring, 'GoldDiggerPlus,' which is wielding the terrifying power to piggyback on real-time communications of the affected devices. Continuously refined and updated, these threats become chimeras, each iteration more elusive, more formidable than its predecessor.

One ingenious and insidious tactic exploited by these cyber adversaries is the diversionary use of Apple's TestFlight, a trusted beta testing platform, as a trojan horse for their malware. Upon clampdown by Apple, the hackers, exhibiting an unsettling level of adaptability, inveigle users to endorse MDM profiles, hitherto reserved for corporate device management, thereby chaining these unknowing participants to their will.

How To Protect

Against this stark backdrop, the question of how one might armor oneself against such predation looms large. It is a question with no simple answer, demanding vigilance and proactive measures. 

General Vigilance : Aware of the Trojan's advance, Apple is striving to devise countermeasures, yet individuals can take concrete steps to safeguard their digital lives.

Consider Lockdown Mode:  It is imperative to exhibit discernment with TestFlight installations, to warily examine MDM profiles, and seriously consider embracing the protective embrace of Lockdown Mode. Activating Lockdown Mode on an iPhone is akin to drawing the portcullis and manning the battlements of one's digital stronghold. The process is straightforward: a journey to the settings menu, a descent into privacy and security, and finally, the sanctification of Lockdown Mode, followed by a device restart. It is a curtailment of convenience, yes, but a potent defense against the malevolence lurking in the unseen digital thicket.

As 'GoldPickaxe' insidiously carves its path into the iOS realm—a rare and unsettling occurrence—it flags the possible twilight of the iPhone's vaunted reputation for tight security. Should these shadow operators set their sights beyond Southeast Asia, angling their digital scalpels towards the U.S., Canada, and other English-speaking enclaves, the consequences could be dire.

Conclusion

Thus, it is imperative that as digital citizens, we fortify ourselves with best practices in cybersecurity. Our journey through cyberspace must be cautious, our digital trails deliberate and sparse. Let the specter of iPhone malware serve as a compelling reason to arm ourselves with knowledge and prudence, the twin guardians that will let us navigate the murky waters of the internet with assurance, outwitting those who weave webs of deceit. In heeding these words, we preserve not only our financial assets but the sanctity of our digital identities against the underhanded schemes of those who would see them usurped.

References 

• https://www.timesnownews.com/technology-science/new-ios-malware-stealing-face-id-data-bank-infos-on-iphones-how-to-protect-yourself-article-107761568
• https://www.darkreading.com/application-security/ios-malware-steals-faces-defeat-biometrics-ai-swaps
• https://www.tomsguide.com/computing/malware-adware/first-ever-ios-trojan-discovered-and-its-stealing-face-id-data-to-break-into-bank-accounts

‍

Introduction

With the ever-growing technology where cyber-crimes are increasing, a new cyber-attack is on the rise, but it’s not in your inbox or your computer- it's targeting your phone, especially your smartphone. Cybercriminals are expanding their reach in India, with a new text-messaging fraud targeting individuals. The Indian Computer Emergency Response Team (CERT-In) has warned against "smishing," or SMS phishing. 

Understanding Smishing

Smishing is a combination of the terms "SMS" and "phishing." It entails sending false text messages that appear to be from reputable sources such as banks, government organizations, or well-known companies. These communications frequently generate a feeling of urgency in their readers, prompting them to click on harmful links, expose personal information, or conduct financial transactions.

When hackers "phish," they send out phony emails in the hopes of tricking the receiver into clicking on a dangerous link. Smishing is just the use of text messaging rather than email. In essence, these hackers are out to steal your personal information to commit fraud or other cybercrimes. This generally entails stealing money – usually your own, but occasionally also the money of your firm.

The cybercriminals typically use these tactics to lure victims and steal the information.

Malware- The cyber crooks send the smishing URL link that might tick you into downloading malicious software on your phone itself. This SMS malware may appear as legitimate software, deceiving you into putting in sensitive information and transmitting it to crooks.

Malicious website- The URL in the smishing message may direct you to a bogus website that seeks sensitive personal information. Cybercriminals employ custom-made rogue sites meant to seem like legitimate ones, making it simpler to steal your information.

Smishing text messages often appear to be from your bank, asking you to share personal sensitive information, ATM numbers, or account details. Mobile device cybercrime is increasing, as is mobile device usage. Aside from the fact that texting is the most prevalent usage of cell phones, a few additional aspects make this an especially pernicious security issue. Let's go over how smishing attacks operate.

Modus Operandi

The cyber crooks commit the fraud via SMS. As attackers assume an identity that might be of someone trusted, Smishing attackers can use social engineering techniques to sway a victim's decision-making. Three things are causing this deception:

• Trust- Cyber crooks target individuals, by posing to someone from a legitimate individual and organization, this naturally lowers a person’s defense against threats. 

• Context- Using a circumstance that might be relevant to targets helps an attacker to create an effective disguise. The message feels personalized, which helps it overcome any assumption that it is spam.
• Emotion- The nature of the SMS is critical; it makes the victim think that is urgent and requires rapid action. Using these tactics, attackers craft communications that compel the receiver to act.
• Typically, attackers want the victim to click on a URL link within the text message, which takes them to a phishing tool that asks them for sensitive information. This phishing tool is frequently in the form of a website or app that also assumes a phony identity.

How does Smishing Spread?

As we have revealed earlier smishing attacks are delivered through both traditional texts. However, SMS phishing attacks primarily appear to be from known sources People are less careful while they are on their phones. Many people believe that their cell phones are more secure than their desktops. However, smartphone security has limits and cannot always guard against smishing directly.

Considering the fact phones are the target While Android smartphones dominate the market and are a perfect target for malware text messages, iOS devices are as vulnerable. Although Apple's iOS mobile technology has a high reputation for security, no mobile operating system can protect you from phishing-style assaults on its own. A false feeling of security, regardless of platform, might leave users especially exposed.

Kinds of smishing attacks

Some common types of smishing attacks that occurred are;

•  COVID-19 Smishing: The Better Business Bureau observed an increase in reports of US government impersonators sending text messages requesting consumers to take an obligatory COVID-19 test via a connected website in April 2020. The concept of these smishing assaults may readily develop, as feeding on pandemic concerns is a successful technique of victimizing the public.

• Gift Smishing: Give away, shopping rewards, or any number of other free offers, this kind of smishing includes free services or products, from a reputable or other company. attackers plan in such a way that the offer is for a limited time or is an exclusive offer and the offers are so lucrative that one gets excited and falls into the trap. 

CERT Guidelines

 CERT-In shared some steps to avoid falling victim to smishing. 

• Never click on any suspicious link in SMS/social media charts or posts.
• Use online resources to validate shortened URLs.
• Always check the link before clicking.
• Use updated antivirus and antimalware tools.
• If you receive any suspicious message pretending to be from a bank or institution, immediately contact the bank or institution.
• Use a separate email account for personal online transactions.
• Enforce multi-factor authentication (MFA) for emails and bank accounts.
• Keep your operating system and software updated with the latest patches.

Conclusion

Smishing uses fraudulent mobile text messages to trick people into downloading malware, sharing sensitive data, or paying cybercriminals money. With the latest technological developments, it has become really important to stay vigilant in the digital era not only protecting your computers but safeguarding the devices that fit in the palm of your hand, CERT warning plays a vital role in this. Awareness and best practices play a pivotal role in safeguarding yourself from evolving threats.

Reference

• https://www.ndtv.com/india-news/government-warns-of-smishing-attacks-heres-how-to-stay-safe-4709458
• https://zeenews.india.com/technology/govt-warns-citizens-about-smishing-scam-how-to-protect-against-this-online-threat-2654285.html
• https://www.the420.in/protect-against-smishing-scams-cert-in-advice-online-safety/

Introduction 

India has always been celebrated as the land of abundance, once known as the ‘golden bird’ that attracted the world with its prosperity and wisdom. In the current century, as the world moves deeper into the age where every nation is redefining its strength through advancements in every sector, including technology, India is preparing for a powerful transformation. “Viksit Bharat 2047” is an initiative aimed at achieving  India's aspiration of becoming a developed nation by its centennial year of independence. India’s growth story is shifting as it takes a step towards development in every field and advances progress both in terms of generating economic growth and breakthroughs in technologies across industries. 

Today, when technology touches every aspect of our lives, ‘Cyber Security’ becomes a key area that will significantly drive progress and hold strong importance under the Viksit Bharat vision, especially with the rise of emerging technologies such as AI, quantum computing, cryptography, 5G & 6G, robotics and automation, Internet of Things (IoT), augmented reality (AR) & virtual reality (VR) etc. 

Key Initiatives Taken by the Centre

Indian Cyber Crime Coordination Centre: 

The Indian Cybercrime Coordination Centre (I4C) was established by the Ministry of Home Affairs (MHA) to provide a framework for law enforcement agencies (LEAs) to deal with cybercrime in a coordinated and comprehensive manner. I4C is actively working on initiatives to combat emerging threats in cyberspace, and it has become a strong pillar of India’s cybersecurity and cybercrime prevention. The ‘National Cyber Crime Reporting Portal’, equipped with a 24x7 cybercrime helpline number 1930,  is one of the key components of the I4C.

Recently under I4C, key initiatives were launched to strengthen cybersecurity. The Cyber Fraud Mitigation Centre (CFMC) has been incorporated to bring together banks, financial institutions, telecom companies, Internet Service Providers, and law enforcement agencies on a single platform to tackle online financial crimes efficiently. The Cyber Commandos Program will establish a specialised wing of trained Cyber Commandos in states, Union Territories, and Central Police Organisations to counter rising cyber threats. The Samanvay platform, a web-based Joint Cybercrime Investigation Facility System, has been introduced as a one-stop data repository for cybercrime to foster data sharing and collaboration. The Suspect Registry Portal, connected to the National Cybercrime Reporting Portal (NCRP), has been designed to track cybercriminals and strengthen fraud risk management.

India’s AI Mission:-

The Indian Cabinet has approved a comprehensive national-level IndiaAI Mission. The mission aims to strengthen the Indian AI innovation ecosystem by democratizing computing access, improving data quality, developing indigenous AI capabilities, attracting top AI talent, enabling industry collaboration, providing startup risk capital, ensuring socially impactful AI projects, and bolstering ethical AI. Through India AI Mission, the government is facilitating the development of India’s own foundational models, including Large Language Models (LLMs) and problem-specific AI solutions tailored to Indian needs.

The mission is implemented by the 'IndiaAI' Independent Business Division (IBD) under the Digital India Corporation (DIC) and consists of several components, such as IndiaAI Compute Capacity, IndiaAI Innovation Centre (IAIC), IndiaAI Datasets Platform, IndiaAI Application Development Initiative, IndiaAI Future Skills, IndiaAI Startup Financing, and Safe & Trusted AI. The main objective is to create and nurture an ecosystem for India’s AI innovation. 

Startup India:-  

With more than 1.59 lakh startups recognised by the Department for Promotion of Industry and Internal Trade (DPIIT) as of January 15, 2025, India has firmly established itself as the third-largest startup ecosystem in the world. Startup India is a flagship initiative launched by the Government of India on 16th January 2016 to build a strong ecosystem for nurturing innovation and startups in the country, which will drive economic growth and generate large-scale employment opportunities.

Key Regulations:-

‍The Centre, in order to better regulate the cyber domain, has come up with significant regulations. To protect the personal data of citizens, the Digital Personal Data Protection Act, 2023 has been enacted. The Intermediary Guidelines 2021 lay down obligations on social media platforms and intermediaries to ensure accountability and user safety. The Telecommunications Act 2023 has also been enacted. Further, the Promotion and Regulation of Online Gaming Bill 2025, passed by Parliament on 21st August 2025, aims to address related concerns. In addition, Cert-In issues guidelines & advisories from time to time, in order to strengthen cybersecurity.

CyberPeace Outlook 

CyberPeace has been at the forefront in transforming policy, technology, and ethical growth in the cyber landscape through its key initiatives. In 2023, CyberPeace hosted the Global CyberPeace Summit in collaboration with Civil 20 and G20 India, with knowledge support from the United Service Institution of India and participation from MeitY, NCIIPC, CERT-In, Zoom, Meta, InMobi, ICANN, Internet Society, MANRS, APNIC, and leading universities, which helped shape critical global conversations on trust, safety, and collaboration in cyberspace. 

Viksit Bharat 2047 is more than just a vision for economic success; it is a pledge to create a nation that is technologically secure, resilient, and globally competitive.  In this journey, cybersecurity will be at the heart of India's digital reboot, securing its innovation, empowering its citizens, and ensuring its future.

References

• https://www.cyberpeace.org/resources/blogs/i4c-foundation-day-celebration-shri-amit-shah-launches-key-initiatives-to-tackle-cybercrime
• https://www.cyberpeace.org/resources/blogs/indiaai-mission
• https://bharatarticles.com/viksit-bharat-2047-vision-challenges-and-roadmap-to-a-developed-india/
• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2012355‍
• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2093125

‍