InfoSecBulletin Cybersecurity for mankind
A sophisticated cyber fraud has stolen over ₹5.58 crore from many bank accounts, highlighting serious concerns about digital payment security. This scam involved cloning biometric data and affected 251 accounts in 17 districts. Authorities are working hard to contain the situation and catch those responsible.
The Modus Operandi: A Digital Heist
SoupDealer Malware Bypasses Every Sandbox, AV’s, XDR/EDR in Real-World Incidents
WinRAR Zero-Day and 7-Zip Vulnerability actively exploited
Biometric Clone: ₹5.58 crore loss, 251 accounts in 17 districts
Google Confirms Data Breach: Notifying Affected Users
28,000+ Microsoft Exchange Servers Exposed Online for CVE-2025-53786
Google alerts of cloud storage bucket hijacking attacks
Multiple 0-days to Bypass BitLocker and Extract Data
Amazon ECS Internal Protocol Exploited to Steal AWS Credentials
7 Tools for Automated Server Patching
Germany’s top court rules police may use spyware solely for serious crimes
Fraudsters exploited a crucial vulnerability in the Aadhaar payment system to clone biometric data and unlawfully access victims’ bank accounts. Most victims were rural residents dependent on local businesses for banking, whose fingerprints and personal information were stolen without their consent. The fraudulent transactions were carried out using business units linked to Fino Payments Bank Limited, which serves remote areas.
A Widespread Network of Deception
The fraud covers 17 districts in Bihar, India, with Araria as the main hub, losing over ₹3.05 crore from 140 accounts. Purnia and Kishanganj also faced significant losses of ₹99.87 lakh and ₹69.82 lakh, respectively. This widespread crime indicates a well-organized and skilled criminal network.
The Human Cost: A Community in Crisis
Most fraud victims come from marginalized communities, losing a significant portion of their savings. Many discovered their accounts empty after depositing their earnings, causing great distress. Complaints have been filed with the National Cyber Crime Reporting Portal (NCRCP), but only a small fraction of the money has been recovered, leaving many in despair.
Questions of Security and Accountability
The bank has reported a leak of confidential customer data, leading to an investigation by the Economic Offences Unit (EOU) of the Bihar Police. The bank is worried about the local police’s slow response and is keen to identify those responsible to prevent further misuse.
