#FactCheck - Viral Image of AIMIM President Asaduddin Owaisi Holding Lord Rama Portrait Proven Fake

Introduction

‍

Artificial Intelligence (AI) is fast transforming our future in the digital world, transforming healthcare, finance, education, and cybersecurity. But alongside this technology, bad actors are also weaponising it. More and more, state-sponsored cyber actors are misusing AI tools such as ChatGPT and other generative models to automate disinformation, enable cyberattacks, and speed up social engineering operations. This write-up explores why and how AI, in the form of large language models (LLMs), is being exploited in cyber operations associated with adversarial states, and the necessity for international vigilance, regulation, and AI safety guidelines.

‍

The Shift: AI as a Cyber Weapon

‍

State-sponsored threat actors are misusing tools such as ChatGPT to turbocharge their cyber arsenal.

• Phishing Campaigns using AI- Generative AI allows for highly convincing and grammatically correct phishing emails. Unlike the shoddily written scams of yesteryears, these AI-based messages are tailored according to the victim's location, language, and professional background, increasing the attack success rate considerably. Example: It has recently been reported by OpenAI and Microsoft that Russian and North Korean APTs have employed LLMs to create customised phishing baits and malware obfuscation notes.
  
  
• Malware Obfuscation and Script Generation- Big Language Models (LLMs) such as ChatGPT may be used by cyber attackers to help write, debug, and camouflage malicious scripts. While the majority of AI instruments contain safety mechanisms to guard against abuse, threat actors often exploit "jailbreaking" to evade these protections. Once such constraints are lifted, the model can be utilised to develop polymorphic malware that alters its code composition to avoid detection. It can also be used to obfuscate PowerShell or Python scripts to render them difficult for conventional antivirus software to identify. Also, LLMs have been employed to propose techniques for backdoor installation, additional facilitating stealthy access to hijacked systems.
  
  
• Disinformation and Narrative Manipulation
  State-sponsored cyber actors are increasingly employing AI to scale up and automate disinformation operations, especially on election, protest, and geopolitical dispute days. With LLMs' assistance, these actors can create massive amounts of ersatz news stories, deepfake interview transcripts, imitation social media posts, and bogus public remarks on online forums and petitions. The localisation of content makes this strategy especially perilous, as messages are written with cultural and linguistic specificity, making them credible and more difficult to detect. The ultimate aim is to seed societal unrest, manipulate public sentiments, and erode faith in democratic institutions.

‍

Disrupting Malicious Uses of AI – OpenAI Report (June 2025) 

‍

OpenAI released a comprehensive threat intelligence report called "Disrupting Malicious Uses of AI" and the “Staying ahead of threat actors in the age of AI”, which outlined how state-affiliated actors had been testing and misusing its language models for malicious intent. The report named few advanced persistent threat (APT) groups, each attributed to particular nation-states. OpenAI highlighted that the threat actors used the models mostly for enhancing linguistic quality, generating social engineering content, and expanding operations. Significantly, the report mentioned that the tools were not utilized to produce malware, but rather to support preparatory and communicative phases of larger cyber operations.

‍

AI Jailbreaking: Dodging Safety Measures

‍

One of the largest worries is how malicious users can "jailbreak" AI models, misleading them into generating banned content using adversarial input. Some methods employed are:

• Roleplay: Simulating the AI being a professional criminal advisor
• Obfuscation: Concealing requests with code or jargon
• Language Switching: Proposing sensitive inquiries in less frequently moderated languages
• Prompt Injection: Lacing dangerous requests within innocent-appearing questions

These methods have enabled attackers to bypass moderation tools, transforming otherwise moral tools into cybercrime instruments.

‍

Conclusion

‍

As AI generations evolve and become more accessible, its application by state-sponsored cyber actors is unprecedentedly threatening global cybersecurity. The distinction between nation-state intelligence collection and cybercrime is eroding, with AI serving as a multiplier of adversarial campaigns. AI tools such as ChatGPT, which were created for benevolent purposes, can be targeted to multiply phishing, propaganda, and social engineering attacks. The cross-border governance, ethical development practices, and cyber hygiene practices need to be encouraged.  AI needs to be shaped not only by innovation but by responsibility.

‍

References

• https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/
• https://www.bankinfosecurity.com/openais-chatgpt-hit-nation-state-hackers-a-28640
• https://oecd.ai/en/incidents/2025-06-13-b5e9
• https://www.microsoft.com/en-us/security/security-insider/meet-the-experts/emerging-AI-tactics-in-use-by-threat-actors
• https://www.wired.com/story/youre-not-ready-for-ai-hacker-agents/
• https://www.cert-in.org.in/PDF/Digital_Threat_Report_2024.pdf
• https://cdn.openai.com/threat-intelligence-reports/5f73af09-a3a3-4a55-992e-069237681620/disrupting-malicious-uses-of-ai-june-2025.pdf

‍

Introduction:

A new Android malware called NGate is capable of stealing money from payment cards through relaying the data read by the Near Field Communication (“NFС”) chip to the attacker’s device. NFC  is a device which allows  devices such as smartphones to communicate over a short distance wirelessly.  In particular, NGate allows forging the victims’ cards and, therefore, performing fraudulent purchases or withdrawing money from ATMs. . 

 About NGate Malware: 

The whole purpose of NGate malware is to target victims’ payment cards by relaying the NFC data to the attacker’s device. The malware is designed to take advantage of phishing tactics and functionality of the NFC on android based devices. 

Modus Operandi: 

• Phishing Campaigns: The first step is spoofed emails or SMS used to lure the users into installing the  Progressive Web Apps (“PWAs”) or the WebAPKs presented as genuine banking applications. These apps usually have a layout and logo that makes them look like an authentic app of a Targeted Bank which makes them believable. 

• Installation of NGate: When the victim downloads the specific app, he or she is required to input personal details including account numbers and PIN numbers. Users are also advised to turn on or install  NFC on their gadgets and place the payment cards to the back part of the phone to scan the cards. 

• NFCGate Component: One of the main working features of the NGate is the NFCGate, an application created and designed by some students of Technical University of Darmstadt. This tool allows the malware to:
  • • Collect NFC traffic from payment cards in the vicinity. 
    • Transmit, or relay this data to the attacker’s device through a server. 
    • Repeat data that has been previously intercepted or otherwise copied.

It is important to note that some aspects of NFCGate mandate a rooted device; however, forwarding NFC traffic can occur with devices that are not rooted, and therefore can potentially ensnare more victims. ‍

Technical Mechanism of Data Theft:

• Data Capture: The malware exploits the NFC communication feature on android devices and reads the information from the payment card, if the card is near the infected device. It is able to intercept and capture the sensive card details.  

• Data Relay: The stolen information  is transmitted through a server to the attacker’s device so that he/she is in a position to mimic the victim’s card. 

• Unauthorized Transactions: Attackers get access to spend money on the merchants or withdraw money from the ATM that has NFC enabled. This capability marks a new level of Android malware in that the hackers are able to directly steal money without having to get hold of the card. 

Social Engineering Tactics: 

In most cases, attackers use social engineering techniques to obtain more information from the target before implementing the attack. In the second phase, attackers may pretend to be representatives of a bank that there is a problem with the account and offer to download a program called NGate, which in fact is a Trojan under the guise of an application for confirming the security of the account. This method makes it possible for the attackers to get ITPIN code from the sides of the victim, which enables them to withdraw money from the targeted person’s account without authorization. 

 Technical Analysis:

The analysis of malicious file hashes and phishing links are below:

Malicious File Hashes:

csob_smart_klic.apk:

• MD5: 7225ED2CBA9CB6C038D8
• Classification: Android/Spy.NGate.B

csob_smart_klic.apk:

• MD5: 66DE1E0A2E9A421DD16B
• Classification: Android/Spy.NGate.C

george_klic.apk:

• MD5: DA84BC78FF2117DDBFDC
• Classification: Android/Spy.NGate.C

george_klic-0304.apk:

• MD5: E7AE59CD44204461EDBD
• Classification: Android/Spy.NGate.C

rb_klic.apk:

• MD5: 103D78A180EB973B9FFC
• Classification: Android/Spy.NGate.A

rb_klic.apk:

• MD5: 11BE9715BE9B41B1C852
• Classification: Android/Spy.NGate.C.

Phishing URLs:

Phishing URL: 

• https://client.nfcpay.workers[.]dev/?key=8e9a1c7b0d4e8f2c5d3f6b2

Additionally, several distinct phishing websites have been identified, including:

• rb.2f1c0b7d.tbc-app[.]life
• geo-4bfa49b2.tbc-app[.]life
• rb-62d3a.tbc-app[.]life
• csob-93ef49e7a.tbc-app[.]life
• george.tbc-app[.]life.

Analysis:

‍

‍

Broader Implications of NGate: 

The ultramodern features of NGate mean that its manifestation is not limited to financial swindling. An attacker can also generate a copy of NFC access cards and get  full access when hacking into restricted areas, for example, the corporate offices or restricted facility. Moreover, it is also safe to use the capacity to capture and analyze NFC traffic as threats to identity theft and other forms of cyber-criminality. 

Precautionary measures to be taken:

To protect against NGate and similar threats, users should consider the following strategies:

• Disable NFC: As mentioned above, NFC should be not often used, it is safe to turn NFC on Android devices off. This perhaps can be done from the general control of the device in which the bursting modes are being set. 

• Scrutinize App Permissions: Be careful concerning the permission that applies to the apps that are installed particularly the ones allowed to access the device. Hence, it is very important that applications should be downloaded only from genuine stores like Google Play Store only. 

• Use Security Software: The malware threat can be prevented by installing relevant security applications that are available in the market. 

• Stay Informed: As it has been highlighted, it is crucial for a person to know risks that are associated with the use of NFC while attempting to safeguard an individual’s identity. 

Conclusion: 

The presence of malware such as NGate is proof of the dynamism of threats in the context of mobile payments. Through the utilization of NFC function, NGate is a marked step up of Android malware implying that the attackers can directly manipulate the cash related data of the victims regardless of the physical aspect of the payment card. This underscores the need to be careful when downloading applications and to be keen on the permission one grants on the application. Turn NFC when not in use, use good security software and be aware of  the latest scams are some of the measures that help to fight this high level of financial fraud. The  attackers are now improving their methods. It is only right for the people and companies to take the right steps in avoiding the breach of privacy and identity theft.

Reference:

• https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
• https://therecord.media/android-malware-atm-stealing-czech-banks
• https://www.darkreading.com/mobile-security/nfc-traffic-stealer-targets-android-users-and-their-banking-info
• https://cybersecuritynews.com/new-ngate-android-malware/

‍

Biological data includes biometric information such as fingerprints, facial recognition, DNA sequences, and behavioral traits. Genetic data can be extracted from an individual’s remains long after their death and can continue to identify both that individual and an expanding pool of their living relatives. This persistent identification can significantly reduce privacy over time, revealing genetic characteristics and familial relationships across successive generations.

Key Developments in Privacy Protection for Biological Data:

Legal texts have been created relating to personal data protection and privacy broadly, and can sometimes prove to be poor adaptations specifically for ‘biometric data’ and its safety. Some examples are mentioned below:

1. EU and UK- GDPR

GDPR focuses primarily on biometrics in Biological Data while deciphering the technology's immense potential. The EU describes “personal data” under the General Data Protection Regulation (GDPR) including any identifiable information about a particular person. For example, this can include names, identification numbers, location data, and other structured and unstructured data. In addition, the GDPR has more specific requirements around processing sensitive or “special categories of personal data.” These “special categories” include things like genetic and biometric data. For biometric security to work well, citizens' rights must be protected appropriately, and the data collected by private and public concerns must be managed carefully and sensibly. 

2. USA

California Consumer Privacy Act (CCPA) grants Californian consumers the right to protect their personal information and biometric data including the right to disclosure or access, the right to be forgotten, and data portability. The sale of personal information and the option of opt-out is also given to consumers. Additionally, it contains the right to take legal action, with penalties imposed for violations.

The California Privacy Rights Act was passed on November 3, 2020, and took effect on January 1, 2023, with a lookback period starting January 1, 2022. It introduces sensitive personal information which includes biometric data and other sensitive details. 

Virginia's Consumer Data Protection Act, effective from January 1, 2023, designates genetic and biometric data as sensitive data that must be protected.

Illinois' Biometric Information Privacy Act is recognised as the most robust biometric privacy law in the United States. The significance of the Rosenbach v. Six Flags case lies in the Illinois Supreme Court's ruling that a plaintiff does not need to demonstrate additional harm to impose penalties on a BIPA violator. A mere loss of statutory biometric privacy rights is sufficient to warrant penalties.

3. India

As per Rule 2(1)(b) of the SPDI Rules, Sensitive Personal Data or Information, including biometric data is included under its meaning. The term ‘biometric data’ has not been defined in the Digital Personal Data Protection Act, 2023. The need for data privacy under the DPDP Act emerges only if such data is subsequently digitised under extraction and manipulation, including notice and consent requirements and penalties. 

The Biotech-PRIDE (Promotion of Research and Innovation through Data Exchange) Guidelines of 2021 are aimed at fostering an exchange of information which would thereby enhance research and innovation among various research groups nationwide. These guidelines do not deal with the generation of biological data but are a mechanism to share and exchange information and knowledge generated according to existing laws, rules, regulations and norms of the country. They will ensure data-sharing benefits, maximise use, avoid duplication, maximise integration, ownership of information, better decision-making and equity of access

How is Biological Data vulnerable?

• Biological data is often immutable, meaning it cannot be altered once compromised. Unlike other authentications that can be changed, compromised biometric data poses a permanent risk, making its protection paramount.
• The use of facial recognition technology by law enforcement agencies and the creation of databases by the same also highlights the urgent need for stringent privacy protections.
• Advances in technology, particularly AI and ML, make it easier to collect, analyse, and utilise biometric data by manipulating biometric data. This in turn is leading to new forms of identity theft and fraud that make it necessary to enhance security measures and ethical considerations to prevent abuse.
• Cross-border data transfers raise serious privacy concerns, especially as countries have varying levels and standards of data protection. 
• Wearable health-related biometric devices lack the required privacy protections which ends up making the data they collect vulnerable to misuse and breaches.

Future Outlook

With the growing use of biological data, there is likely to be increased pressure on regulatory bodies to strengthen privacy protections. This necessitates a need for enhanced security measures to protect users' identities and further prevent any form of unauthorised access. Future developments should be aimed at including strict consent requirements, and enhanced data security measures, especially for wearable devices. A new legal framework specifically designed to address the challenges posed by biometric data would be welcome. Biological data protection is an emerging need in the digital environment that we live in today.

References

• https://www.cnbc.com/2024/08/17/new-privacy-battle-is-underway-as-tech-gadgets-capture-our-brain-waves.html 
• https://www.snrlaw.in/sense-and-sensitivity-sensitive-information-under-indias-new-data-regime/ 
• https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/biometrics/biometric-data‍
• https://www.business-standard.com/article/economy-policy/govt-releases-guideline-to-provide-framework-for-sharing-of-biological-data-121073001467_1.html