Reported By: Ankur Sharma
Last Updated: June 22, 2023, 09:53 IST
According to an official communication, threat actors designed phishing domains and malvertising for harvesting information for their malicious agendas including financial fraud and identity theft cybercrimes. (Photo: Shutterstock)
According to an analysis by National Cybercrime Threat Analytics Unit, the cyber threat actors are finding smart and innovative ways to harvest victim information and credentials through registering mass level of Indian (.in) malicious domains
While the government is banning Chinese websites and apps through multi-layered approval process, which takes time, it has been found that Chinese cyber fraudsters are rampantly buying and launching websites with .in extensions, containing pornographic and malicious content to collect data of Indians and commit frauds.
During a routine analysis in May, the National Cybercrime Threat Analytics Unit had found that in just four days more than 2,000 domains were purchased by suspected Chinese actors and misused for hosting pornographic content, betting, and malicious app (iOS and Android).
According to an official communication, the cyber threat actors are finding smart and innovative ways to harvest victim information and credentials through registering mass level of Indian (.in) malicious domains. “Threat actors designed phishing domains and malvertising citizens for harvesting information for their malicious agendas including financial fraud and identity theft cybercrimes,” it says.
It further said that the websites have been hosting content in Mandarin and show differential behaviour corresponding to the operating system/platform. “Website prompts to download suspicious .APK file while opening from an Android device and profile configuration file (.mobile version) for the iPhone,” the communication said.
According to a top official, earlier too, at least 2,000 such domains and apps, bought by Chinese actors, were identified and are under radar due to suspicious activities.
The site has been made in a way so that it can accommodate malware to attack Indians and collect their data.
“Pornographic content is being primarily used and all sites have links on which if a person clicks, it automatically runs a programme designed to fetch the data. The so-called high ratings of the apps fool people, who easily get trapped. Since agencies are banning such apps and sites, these Chinese players are purchasing more and more sites to keep running their business of committing cyber frauds,” a senior official associated with the analysis told News18 on the condition of anonymity.
The National Cybercrime Threat Analytics Unit provides a framework and eco-system for law enforcement agencies to deal with emerging cybercrime in a comprehensive and coordinated manner and issue alerts, advisories, analyses to Law Enforcement Agencies (LEAs), citizens, and concerned agencies.
The government is now planning to take action, which will prevent such buying of websites. Also, the process of buying such sites by foreign entities may also see some preventive changes.
