#FactCheck -AI-Generated Image Falsely Shows Kavya Maran Hugging Young Cricketer Vaibhav Suryavanshi

Introduction:

CDR is a term that refers to Call detail records, The Telecom Industries holds the call details data of the users. As it amounts to a large amount of data, the telecom companies retain the data for a period of 6 months. CDR plays a significant role in investigations and cases in the courts. It can be used as pivotal evidence in court proceedings to prove or disprove certain facts & circumstances. Power of Interception of Call detail records is allowed for reasonable grounds and only by the authorized authority as per the laws. 

‍

Admissibility of CDR’s in Courts:

Call Details Records (CDRs) can be used as effective pieces of evidence to assist the court in ascertaining the facts of the particular case and inquiring about the commission of an offence, and according to the judicial pronouncements, it is made clear that CDRs can be used supporting or secondary evidence in the court. However, it cannot be the sole basis of the conviction. Section 92 of the Criminal Procedure Code 1973 provides procedure and empowers certain authorities to apply for court or competent authority intervention to seek the CDR. 

‍

Legal provisions to obtain CDR:

The CDR can be obtained under the statutory provisions of law contained in section 92 Criminal Procedure Code, 1973. Or under section 5(2) of Indian Telegraph Act 1885, read with rule 419(A) Indian Telegraph Amendment rule 2007. The guidelines were also issued in 2016 by Ministry of Ministry of Home Affairs for seeking Call details records (CDRs)

‍

How long is CDR stored with telecom Companies (Data Retention)

Call Data is retained by telecom companies for a period of 6 months. As the data amounts to high storage, almost several Petabytes per year, telecom companies store the call details data for a period of 6 months and archive the rest of it to tapes. 

‍

New Delhi 25Cr jewellery heist 

Recently, an incident took place where a 25-crore jewellery theft was carried out in a jewellery shop in Delhi, It was planned and executed by a man from Chhattisgarh. After committing the crime, the criminal went back to Chhattisgarh. It was a case of a 25Cr heist, and the police started their search & investigation. Police used technology and analysed the mobile numbers which were active at the crime scene. Delhi police used advanced software to analyse data. The police were able to trace the mobile number of thieves or suspects active at the crime scene. They discovered suspected contacts who were active within the range of the crime scene, and it helped in the arrest of the main suspects.  From around 5,000 mobile numbers active around the crime scene, police have used advanced software that analyses huge data, and then police found a number registered outside of Delhi.  The surveillance on the number has revealed that the suspected criminal has moved to the MP from Delhi, then moved further to Bhilai Chattisgarh. Police have successfully arrested the suspected criminal. This incident highlights how technology or call data can assist law enforcement agencies in investigating and finding the real culprits.

‍

Conclusion: 

CDR refers to call detail records retained by telecom companies for a period of 6 months, it can be obtained through lawful procedure and by competent authorities only. CDR can be helpful in cases before the court or law enforcement agencies, to assist the court and law enforcement agencies in ascertaining the facts of the case or to prove or disprove certain things. It is important to reiterated that unauthorized seeking of CDR is not allowed; the intervention of the court or competent authority is required to seek the CDR from the telecom companies. CDRs cannot be unauthorizedly obtained, and there has to be a directive from the court or competent authority to do so.

‍

References:

• https://indianlegalsystem.org/cdr-the-wonder-word/#:~:text=CDR%20is%20admissible%20as%20secondary,the%20Indian%20Evidence%20Act%2C%201872.
• https://timesofindia.indiatimes.com/city/delhi/needle-in-a-haystack-how-cops-scanned-5k-mobile-numbers-to-crack-rs-25cr-heist/articleshow/104055687.cms?from=mdr
• https://www.ndtv.com/delhi-news/just-one-man-planned-executed-rs-25-crore-delhi-heist-another-thief-did-him-in-4436494

‍

Introduction:

A new Android malware called NGate is capable of stealing money from payment cards through relaying the data read by the Near Field Communication (“NFС”) chip to the attacker’s device. NFC  is a device which allows  devices such as smartphones to communicate over a short distance wirelessly.  In particular, NGate allows forging the victims’ cards and, therefore, performing fraudulent purchases or withdrawing money from ATMs. . 

 About NGate Malware: 

The whole purpose of NGate malware is to target victims’ payment cards by relaying the NFC data to the attacker’s device. The malware is designed to take advantage of phishing tactics and functionality of the NFC on android based devices. 

Modus Operandi: 

• Phishing Campaigns: The first step is spoofed emails or SMS used to lure the users into installing the  Progressive Web Apps (“PWAs”) or the WebAPKs presented as genuine banking applications. These apps usually have a layout and logo that makes them look like an authentic app of a Targeted Bank which makes them believable. 

• Installation of NGate: When the victim downloads the specific app, he or she is required to input personal details including account numbers and PIN numbers. Users are also advised to turn on or install  NFC on their gadgets and place the payment cards to the back part of the phone to scan the cards. 

• NFCGate Component: One of the main working features of the NGate is the NFCGate, an application created and designed by some students of Technical University of Darmstadt. This tool allows the malware to:
  • • Collect NFC traffic from payment cards in the vicinity. 
    • Transmit, or relay this data to the attacker’s device through a server. 
    • Repeat data that has been previously intercepted or otherwise copied.

It is important to note that some aspects of NFCGate mandate a rooted device; however, forwarding NFC traffic can occur with devices that are not rooted, and therefore can potentially ensnare more victims. ‍

Technical Mechanism of Data Theft:

• Data Capture: The malware exploits the NFC communication feature on android devices and reads the information from the payment card, if the card is near the infected device. It is able to intercept and capture the sensive card details.  

• Data Relay: The stolen information  is transmitted through a server to the attacker’s device so that he/she is in a position to mimic the victim’s card. 

• Unauthorized Transactions: Attackers get access to spend money on the merchants or withdraw money from the ATM that has NFC enabled. This capability marks a new level of Android malware in that the hackers are able to directly steal money without having to get hold of the card. 

Social Engineering Tactics: 

In most cases, attackers use social engineering techniques to obtain more information from the target before implementing the attack. In the second phase, attackers may pretend to be representatives of a bank that there is a problem with the account and offer to download a program called NGate, which in fact is a Trojan under the guise of an application for confirming the security of the account. This method makes it possible for the attackers to get ITPIN code from the sides of the victim, which enables them to withdraw money from the targeted person’s account without authorization. 

 Technical Analysis:

The analysis of malicious file hashes and phishing links are below:

Malicious File Hashes:

csob_smart_klic.apk:

• MD5: 7225ED2CBA9CB6C038D8
• Classification: Android/Spy.NGate.B

csob_smart_klic.apk:

• MD5: 66DE1E0A2E9A421DD16B
• Classification: Android/Spy.NGate.C

george_klic.apk:

• MD5: DA84BC78FF2117DDBFDC
• Classification: Android/Spy.NGate.C

george_klic-0304.apk:

• MD5: E7AE59CD44204461EDBD
• Classification: Android/Spy.NGate.C

rb_klic.apk:

• MD5: 103D78A180EB973B9FFC
• Classification: Android/Spy.NGate.A

rb_klic.apk:

• MD5: 11BE9715BE9B41B1C852
• Classification: Android/Spy.NGate.C.

Phishing URLs:

Phishing URL: 

• https://client.nfcpay.workers[.]dev/?key=8e9a1c7b0d4e8f2c5d3f6b2

Additionally, several distinct phishing websites have been identified, including:

• rb.2f1c0b7d.tbc-app[.]life
• geo-4bfa49b2.tbc-app[.]life
• rb-62d3a.tbc-app[.]life
• csob-93ef49e7a.tbc-app[.]life
• george.tbc-app[.]life.

Analysis:

‍

‍

Broader Implications of NGate: 

The ultramodern features of NGate mean that its manifestation is not limited to financial swindling. An attacker can also generate a copy of NFC access cards and get  full access when hacking into restricted areas, for example, the corporate offices or restricted facility. Moreover, it is also safe to use the capacity to capture and analyze NFC traffic as threats to identity theft and other forms of cyber-criminality. 

Precautionary measures to be taken:

To protect against NGate and similar threats, users should consider the following strategies:

• Disable NFC: As mentioned above, NFC should be not often used, it is safe to turn NFC on Android devices off. This perhaps can be done from the general control of the device in which the bursting modes are being set. 

• Scrutinize App Permissions: Be careful concerning the permission that applies to the apps that are installed particularly the ones allowed to access the device. Hence, it is very important that applications should be downloaded only from genuine stores like Google Play Store only. 

• Use Security Software: The malware threat can be prevented by installing relevant security applications that are available in the market. 

• Stay Informed: As it has been highlighted, it is crucial for a person to know risks that are associated with the use of NFC while attempting to safeguard an individual’s identity. 

Conclusion: 

The presence of malware such as NGate is proof of the dynamism of threats in the context of mobile payments. Through the utilization of NFC function, NGate is a marked step up of Android malware implying that the attackers can directly manipulate the cash related data of the victims regardless of the physical aspect of the payment card. This underscores the need to be careful when downloading applications and to be keen on the permission one grants on the application. Turn NFC when not in use, use good security software and be aware of  the latest scams are some of the measures that help to fight this high level of financial fraud. The  attackers are now improving their methods. It is only right for the people and companies to take the right steps in avoiding the breach of privacy and identity theft.

Reference:

• https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
• https://therecord.media/android-malware-atm-stealing-czech-banks
• https://www.darkreading.com/mobile-security/nfc-traffic-stealer-targets-android-users-and-their-banking-info
• https://cybersecuritynews.com/new-ngate-android-malware/

‍

Executive Summary

‍

‍
A social media post about the shooting incident during a dinner event for journalists covering the White House is going viral with the claim that the attacker was a Muslim man who was shot dead by security personnel. The accompanying video shows panic inside a hall and alert security officials responding to the situation. wHowever, research by the CyberPeace Research Wing  found that the claim is false and misleading. The video is being shared with incorrect information about the identity and fate of the suspect.

‍

Claim:

‍

An Instagram user shared the video on April 26, 2026, claiming that the attacker who targeted Donald Trump was a “jihadi” named Mohammad Ibrahim and that he was killed after being shot multiple times.

• https://www.instagram.com/public.ki.awaj/reel/DXlRRLVAQRe
• https://archive.ph/wylq5 

‍

‍
‍

‍

Fact Check:
‍

To verify the claim, relevant keyword searches were conducted online.

A report published by BBC on April 28, 2026, stated that the suspect accused of attempting to assassinate President Donald Trump during the Washington dinner event was identified as Cole Thomas Allen. The report said Allen lived with his parents in Los Angeles and was produced in court on April 28.

• https://www.bbc.com/news/articles/c392knk3w2jo

‍

‍

According to court documents cited in the report, Allen rushed past a security checkpoint carrying a semi-automatic handgun, a pump-action shotgun, and three knives. Authorities said one Secret Service agent was injured during the incident before Allen was subdued and taken into custody. A separate report published by NBC News on April 26, 2026, also identified the accused as Cole Thomas Allen and included visuals from the incident, showing the suspect after his arrest.

• https://www.nbcnews.com/news/us-news/shooting-suspect-white-house-correspondents-dinner-cole-thomas-allen-rcna342146

‍

Conclusion:
‍

The claim that the White House dinner party attacker was a Muslim man named Mohammad Ibrahim is false. The accused has been identified as Cole Thomas Allen, and he was arrested after the incident. Claims that he was killed are also incorrect.

‍