#FactCheck-Air Taxi is a prototype and is not launched to commercial public

Research Wing
Research Wing
Innovation and Research
PUBLISHED ON
Feb 16, 2025
10

Executive Summary:

Recent reports circulating on various social media platforms have falsely claimed that an air taxi prototype is operational and providing services between Amritsar, Chandigarh, Delhi, and Jaipur. These claims, accompanied by images and videos, have been widely shared, leading to significant public attention. However, upon conducting a thorough examination using reverse image search, it has been determined that the information is misleading and inaccurate. These assertions do not reflect the current reality and are not substantiated by credible sources

Claim:

The claim suggests that an air taxi prototype is already operational, servicing routes between Amritsar, Chandigarh, Delhi, and Jaipur. This assertion is accompanied by images of a futuristic aircraft, implying that such technology is currently being used to transport commercial passengers.

Post Link

Fact Check:

The claim of air taxi and routes between Amritsar, Chandigarh, Delhi, and Jaipur has been found to be misleading.  Also, so far, neither the Indian government nor the respective aviation authorities have issued any sort of public declarations nor industry insiders to claim any launch of any air taxi  service. Further research followed a keyword-based search that directed us to a news report published in The Times of India on January 20, 2025. A similar post to the one seen in the viral video accompanied the report. It stated that Bengaluru-based aerospace startup Sarla Aviation launched its prototype air taxi called “Shunya” during the Bharat Mobility Global Expo. Under this plan, it looks to initiate electric flying taxis in Bangalore by 2028. This urban air transport program for India will be similar to what they are posting in this regard.

Conclusion:

The viral claim saying that there is an air taxi service in India between Amritsar, Chandigarh, Delhi, and Jaipur is entirely false. The pictures and information going viral are misleading and do not relate to any progress or implementation of air taxi technology in India. To date, there is no official confirmation or credible evidence that supports such a service. Information must be verified from reliable sources before it is believed or shared in order to prevent the spread of misinformation.

  • Claim: A viral post claims an air taxi is operational between Amritsar, Chandigarh, Delhi, and Jaipur.
  • Claimed On: Social Media 
  • Fact Check: False and Misleading
PUBLISHED ON
Feb 16, 2025
Category
#FactCheck
TAGS
#
#FactCheck

Related Blogs

#FactCheck – Debunking the False Claim: Alleged iPhone 15 Giveaway Scam Exposed this Holi"
#FactCheck – Debunking the False Claim: Alleged iPhone 15 Giveaway Scam Exposed this Holi"
10
March 23, 2024

Executive Summary:

Social media is buzzing with a link  that claims to offer an iPhone 15 as a gift from LuLu Hype­rmarket, presente­d as part of Holi celebrations. This article e­xamines the deceptive tactics behind this fraudulent offe­r and provides guidance on recognizing and avoiding such scams.

False Claim:

The link be­ing shared is misleading and falsely claims that LuLu Hype­rmarket is giving away free iPhone­ 15 phones. This is taking advantage of the Holi fe­stival to trick unsuspecting people. Whe­n users click on the link, they are­ redirected multiple­ times and end up on a page with LuLu Hype­rmarket's photo and some simple que­stions. Fake comments are also use­d to make the offer se­em genuine, but it is all a de­ception.

The Deceptive Scheme:

The plan uses psychological tricks by linking the offe­r to a famous brand and a popular celebration. The landing page's simplicity and phoney comments try to make users trust it and fe­el like they ne­ed to act fast, so they'll join the scam.

The Fraudulent Campaign Analysed:

The­ scammers are using psychological tactics to manipulate pe­ople. They're e­xploiting the trust people have­ in LuLu Hypermarket and the e­xcitement around the ne­w iPhone 15 during the Holi festival. The­ fake questionnaire se­rves no real purpose, but it's a way to e­ngage users and make the­ scam seem legitimate­. Testimonials claiming people have­ successfully receive­d the iPhone 15 are also fake­, designed to create­ a false sense of cre­dibility. Users are prompted to se­lect a "gift box," which adds an interactive e­lement to draw them in furthe­r. When a user sele­cts a box, they're falsely congratulate­d on winning the iPhone 15, giving them a se­nse of accomplishment. Finally, users are­ urged to share the link via WhatsApp to "claim" the­ gift, spreading the scam to more pote­ntial victims.

What do we Analyse? :

  • We analyse the deceptive tactics employed by the scam, including psychological manipulation, false engagement techniques, and fake testimonials, all aimed at convincing users of the offer's legitimacy.

Link : (https://sophisticate­ddistort[.]top/nTiwpTTTT526?llue1696559991144)

  • It is important to note that at this particular point, there has not been any official declaration or a proper confirmation of an offer made by Lulu Hypermarket So, people must be very careful when encountering such messages because they are often employed as lures in phishing attacks or misinformation campaigns. Before engaging or transmitting such claims, it is always advisable to authenticate the information from trustworthy sources in order to protect oneself online and prevent the spread of wrongful information
  • The campaign is hosted on a third party domain instead of any official Website of LuLu Hypermarket, this raised suspicion. Also the domain was registered last year.
  • The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

  • Domain Name: sophisticateddistort.top
  • Registry Domain ID: D20230629G10001G_04181852-top
  • Registrar WHOIS Server: whois.west263.com
  • Registrar URL: www.west263.com
  • Updated Date: 2023-07-01T02:55:34Z
  • Creation Date: 2023-06-29T06:05:00Z
  • Registry Expiry Date: 2024-06-29T06:05:00Z
  • Registrar: Chengdu west dimension digital
  • Registrant State/Province: Shan Xi
  • Registrant Country: CN (China)
  • Name Server: curt.ns.cloudflare.com
  • Name Server: harlee.ns.cloudflare.com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

  • Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
  • Falling prey to such scams could compromise your entire system, potentially granting unauthorised access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
  • Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
  • Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
  • For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

During the festive season, as we engage in merrymaking and online activities, we should be mindful of fraudster's exploitation strategies. Another instance is the illegitimate Lulu Hypermarket offer of the upcoming iPhone 15. With the knowledge and carefulness, we can report any suspicious actions to avoid being victims of fraud in this way. Keep in mind the fact that legitimate offers are usually issued by trustworthy sources while if, the offer looks too good to be true, then it is rather a scam.

laptop keypad
DPDP at LokSabha: The CyberPeace Outlook
Learn about India's Digital Personal Data Protection Bill, 2023, and how it safeguards personal data while promoting innovation and user rights.
10
August 5, 2023

Introduction

Data protection has been a critical aspect of advocacy and governance all across the world. Data fuels our cyber-ecosystem and strengthens the era of emerging technologies. All industries and sectors are now dependent upon the data of the user. The governments across the world have been deliberating internally to address the issue and legality of Data protection and privacy. The Indian government has witnessed various draft bills and policies focusing on Data protection over the years, and the contemporary bill is the Digital Personal Data Protection Bill, 2023, which was tabled at the Lok Sabha (Lower House of Parliament) on 03 August for discussions and parliamentary assent.

What is DPDP, 2023?

The goal of the complete and comprehensive Digital Personal Data Protection Bill of 2023 is to establish a framework for the protection of personal data in India. The measure acknowledges the significance of protecting personal data and seeks to strike a balance between the necessity to process personal data for legitimate purposes and the right of individuals to do so. The bill establishes a number of crucial expressions and ideas associated with the protection of personal data, including “data fiduciary,” “data principal,” and “sensitive personal data.” It also emphasises the duties of data fiduciaries, including the need to establish suitable security measures to preserve personal data and the need to secure data principals’ consent before processing their personal information. The measure also creates the Data Protection Board of India, which would implement its requirements and guarantee data fiduciaries’ compliance. The board will have the authority to look into grievances, give directives, and impose sanctions for non-compliance.

Key Features of the Bill

The bill tabled at the parliament has the following key features:

  • The 2023 bill imposes reasonable obligations on data fiduciaries and data processors to safeguard digital personal data.
  • Under the 2023 bill, a new Data Protection Board is established, which will ensure compliance, remedies and penalties.
  • Under the new bill, the Board has been entrusted with the power equivalent to a civil court, such as the power to take cognisance in response to personal data breaches, investigate complaints, imposing penalties. Additionally, the Board can issue directions to ensure compliance with the act.
  • The 2023 bill also secures more rights of Individuals and establishes a balance between user protection and growing innovations.
  • The bill creates a transparent and accountable data governance framework by giving more rights to individuals.
  • There is an Incorporation of Business-friendly provisions by removing criminal penalties for non-compliance and facilitating international data transfers.
  • The new 2023 bill balances out fundamental privacy rights and puts reasonable limitations on those rights.
  • The new data protection board will carefully examine the instance of non-compliance by imposing penalties on non-compiler.
  • The bill does not provide any express clarity in regards to compensation to be granted to the Data Principal in case of a Data Breach.
  • Under 2023 Deemed consent is there in its new form as ‘Legitimate Users’ pertaining to the conditions in regard to Sovernity and Intergrity of India.
  • There is an introduction of the negative list, which restricts cross-data transfer.

Additionally, the measure makes special provisions for the processing of children’s personal data and acknowledges the significance of protecting children’s privacy. Additionally, it highlights the rights of the data subjects, including their right to access their personal information, their right to have wrong information corrected, and their right to be forgotten.

Drive4CyberPeace

A campaign was undertaken by CyberPeace to gain a critical understanding of what people understand about Data privacy and protection in India. The 4-month long campaign led to a pan-India interaction with netizens from different areas and backgrounds. The thoughts and opinions of the netizens were understood and collated in the form of a whitepaper which was, in turn, presented to Parliamentarians and government officials. The whitepaper laid the foundation of the recommendations submitted to the Ministry of Electronics and Information Technology as part of the stakeholder consultation.

Conclusion

Overall, the Digital Personal Data Protection Bill of 2023 is an important step towards safeguarding Indian citizens’ privacy and personal data. It creates a regulatory agency to guarantee compliance and enforcement and offers a thorough framework for data protection. The law includes special measures for the protection of sensitive personal data and the personal data of children and acknowledges the significance of striking a balance between the right to privacy and the necessity of data processing.

SharpRhino RAT: Advanced Threat Hidden in Legitimate Software
SharpRhino RAT: Advanced Threat Hidden in Legitimate Software
10
August 29, 2024

Overview:

A recent addition to the  list of cybercrime  is SharpRhino, a RAT (Remote Access Trojan) actively used by Hunters International ransomware group. SharpRhino is highly developed and penetrates into the network mask of IT specialists, primarily due to the belief in the tools’ legitimacy. Going under the genuine software installer, SharpRhino started functioning in mid-June 2024. However, Quorum Cyber discovered it in early August 2024 while investigating ransomware.

About Hunters International Group:

Hunters International emerged as one of the most notorious groups focused on ransomware attacks, having compromised over 134 targets worldwide in the first seven months of 2024. It is believed that the group is the rebranding of Hive ransomware group that was previously active, and there are considerable similarities in the code. Its focus on IT employees in particular demonstrates the fact that they move tactically in gaining access to the organizations’ networks.

Modus Operandi:

1. Typosquatting Technique 

SharpRhino is mainly distributed by a domain that looks like the genuine Angry IP Scanner, which is a popular network discovery tool. The malware installer, labeled as ipscan-3.9.1-setup. It is a 32-bit Nullsoft installer which embeds a password protected 7z archive in it. 

2. Installation Process 

  • Execution of Installer: When the victim downloads and executes the installer and changes the windows registry in order to attain persistence. This is done by generating a registry entry that starts a harmful file, Microsoft. AnyKey. exe, are fakes originating from fake versions of true legitimate Microsoft Visual Studio tools. 
  • Creation of Batch File: This drops a batch file qualified as LogUpdate at the installer.bat, that runs the PowerShell scripts on the device. These scripts are to compile C# code into memory to serve as a means of making the malware covert in its operation. 
  • Directory Creation: The installer establishes two directories that allow the C2 communication – C:\ProgramData\Microsoft: WindowsUpdater24 and LogUpdateWindows. 

3. Execution and Functionality: 

  • Command Execution: The malware can execute PowerShell commands on the infected system, these actions may involve privilege escalation and other extended actions such as lateral movement. 
  • C2 Communication: SharpRhino interacts with command and control servers located on domains from platforms such as Cloudflare. This communication is necessary for receiving commands from the attackers and for returning any data of interest to the attackers. 
  • Data Exfiltration and Ransomware Deployment: Once SharpRhino has gained control, it can steal information and then proceed to encrypt it with a .locked extension. The procedure generally concludes with a ransom message, which informs users on how to purchase the decryption key. 

4. Propagation Techniques: 

Also, SharpRhino can spread through the self-copying method, this is the virus may copy itself to other computers using the network account of the victim and pretending to be trustworthy senders such as emails or network-shared files. Moreover, the victim’s machine may then proceed to propagate the malware to other systems like sharing in the company with other employees.

Indicators of Compromise (IOCs):

  • LogUpdate.bat
  • Wiaphoh7um.t
  • ipscan-3.9.1-setup.exe
  • kautix2aeX.t
  • WindowsUpdate.bat

Command and Control Servers:

  • cdn-server-1.xiren77418.workers.dev
  • cdn-server-2.wesoc40288.workers.dev
  • Angryipo.org
  • Angryipsca.com

Analysis:

Graph:

Precautionary measures to be taken:

To mitigate the risks posed by SharpRhino and similar malware, organizations should implement the following measures:

  • Implement Security Best Practices: It is important only to download software from official sites and avoid similar sites to confuse the user by changing a few letters.
  • Enhance Detection Capabilities: Use technology in detection that can detect the IOCs linked to Sharp Rhino.
  • Educate Employees: Educate IT people and employees on phishing scams and the requirement to check the origin of the application.
  • Regular Backups: It is also important to back up important files from systems and networks in order to minimize the effects of ransomware attacks on a business.

Conclusion:

SharpRhino could be deemed as the evolution of the strategies used by organizations like Hunters International and others involved in the distribution of ransomware. SharpRhino primarily focuses on the audience of IT professionals and employs complex delivery and execution schemes, which makes it an extremely serious threat for corporate networks. To do so it is imperative that organizations have an understanding of its inner workings in order to fortify their security measures against this relatively new threat. Through the enforcement of proper security measures and constant enlightenment of organizations on the importance of cybersecurity, firms can prevent the various risks associated with SharpRhino and related malware. Be safe, be knowledgeable, and most importantly, be secure when it comes to cyber security for your investments.

Reference: 

https://cybersecuritynews.com/sharprhino-ransomware-alert/

https://cybersecsentinel.com/sharprhino-explained-key-facts-and-how-to-protect-your-data/

https://www.dataprivacyandsecurityinsider.com/2024/08/sharprhino-malware-targeting-it-professionals/

Become a part of our vision to make the digital world safe for all!

Numerous avenues exist for individuals to unite with us and our collaborators in fostering  global cyber security

Awareness

Stay Informed: Elevate Your Awareness with Our Latest Events and News Articles Promoting Cyber Peace and Security.

CyberPeace Corps Induction Workshop
The Missing Link Trust to combat online child trafficking
Cyber Safety Carnival
Safer Internet Day 2023
Indian schools and colleges under digital siege: Massive cyber breach crisis exposed
Over 2 lack cyberattacks, 4 lakh data breaches hit Indian educational institutions in 9 months
Lessons in Cybersecurity Required: 2 Lakh Cyberattacks Shake Indian Education Sector in Just Nine Months
2 lakh cyberattacks, 4 lakh data breaches in Indian educational sector in 9 months

Engagement

Your institution or organization can partner with us in any one of our initiatives or policy research activities and complement the region-specific resources and talent we need.

Discover ways to collaborate
Request for Proposals

Play your part for CyberPeace

Donate to us directly to help us build more pioneering initiatives.

Donate Now