Last updated: May 14, 2026 at 10:49 AM UTC
Tag: india (2 articles)

28 fake apps on Google Play tricked 7.3 million Indian users into paying for fake call logs - charging up to $80 a year for fabricated data

ESET disclosed CallPhantom, a campaign of 28 fraudulent Android apps on Google Play that promised to reveal call histories, SMS records, and WhatsApp call logs for any phone number. Combined downloads: 7.3 million. After payment (weekly, monthly, or annual subscriptions up to $80), users receive fabricated phone numbers and names hardcoded into the apps. Targeting was India-focused (apps came pre-set with +91 country code and UPI integration via Google Pay, PhonePe, and Paytm) plus broader Asia-Pacific. Some apps embedded direct credit card forms, violating Play policy and making refunds harder. Google removed the 28 apps after ESET's report.

Check
If your organization issues Android devices to staff in India or APAC, check Google Play purchase histories for active subscriptions to call-history apps. Review corporate phone bills for unexpected UPI charges since November 2025.
Affected
Android users in India and broader Asia-Pacific, particularly those who searched Play Store for tools to retrieve call logs, SMS records, or WhatsApp histories. Indian users are the primary target due to UPI integration - 7.3M+ confirmed downloads. Corporate-issued Android devices used for personal app downloads face the same risk.
Fix
Cancel any active CallPhantom subscriptions through Play Store - Google has removed the apps. Request refunds via Play Store (subject to Google's time windows). For UPI-paid subscriptions, contact your UPI provider directly. Brief staff that no legitimate consumer app can reveal call logs of arbitrary phone numbers. For corporate fleets: apply MDM policies that block sideloading.

China-linked group is sending 1,600 fake tax-audit emails to Indian and Russian companies, then dropping a brand-new backdoor called ABCDoor

Kaspersky tracked a China-based group called Silver Fox running a tax-themed phishing campaign against organizations in India, Russia, Indonesia, Japan, and South Africa. Phishing emails impersonate the Indian Income Tax Department or Russian tax service with subjects about audits or 'lists of tax violations.' Inside the attached archive sits a modified Rust loader that pulls down a known backdoor called ValleyRAT, plus a brand-new Python-based backdoor called ABCDoor. ABCDoor handles screen recording, keystroke control, clipboard theft, and file operations. Kaspersky logged 1,600+ phishing emails between January and February 2026 across industrial, consulting, retail, and transportation sectors.

Check
Search proxy and DNS logs for connections to abc.haijing88.com since December 2025. Hunt endpoints for pythonw.exe processes initiating outbound HTTPS to unfamiliar destinations.
Affected
Organizations in India, Russia, Indonesia, Japan, and South Africa, particularly in industrial, consulting, retail, and transportation sectors. Finance and accounting staff who routinely receive tax correspondence are the highest-risk role. Multinationals with operations in any of these regions face the same risk through local subsidiaries.
Fix
Block abc.haijing88.com and related Silver Fox infrastructure at the DNS resolver. Train finance staff that real tax correspondence never arrives as a ZIP or RAR archive of 'violations' to download. Quarantine any host running pythonw.exe with unexpected outbound HTTPS, and remove FFmpeg installations not authorized by IT. Rotate credentials on suspected compromised hosts and reimage.
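The two hunts from the Check step above, as an added example (not code from Kaspersky or this page). The log formats, sample lines, allowlist, and the use of port 443 as a stand-in for "outbound HTTPS" are assumptions; matching subdomains of the indicator goes slightly beyond the single hostname the brief names.

```python
from datetime import date

IOC_DOMAIN = "abc.haijing88.com"  # indicator named on the page
SINCE = date(2025, 12, 1)         # "since December 2025"
KNOWN_DESTS = {"198.51.100.10"}   # assumed allowlist of expected pythonw.exe destinations

# Constructed sample resolver log: "<date> <client> <queried name>" (format assumed)
DNS_LOG = """
2025-11-20 10.0.4.17 abc.haijing88.com
2025-12-03 10.0.4.17 abc.haijing88.com.
2026-01-15 10.0.7.22 ABC.Haijing88.com
2026-01-15 10.0.7.30 notabc.haijing88.com
2026-01-16 10.0.7.31 abc.haijing88.com.cdn.example
2026-02-02 10.0.9.5 cdn.abc.haijing88.com
"""

# Constructed sample EDR network events: date,host,image,dest,port (format assumed)
PROC_EVENTS = r"""
2026-01-15,WS-FIN-03,C:\Users\a\AppData\Local\py\pythonw.exe,203.0.113.50,443
2026-01-15,WS-DEV-01,C:\Python312\pythonw.exe,198.51.100.10,443
2026-01-16,WS-FIN-07,C:\Windows\System32\svchost.exe,203.0.113.50,443
2026-01-16,WS-FIN-09,C:\Tools\PYTHONW.EXE,203.0.113.77,8080
"""

def matches_ioc(name, ioc=IOC_DOMAIN):
    """Exact or subdomain match; ignores case and the trailing root dot."""
    n = name.strip().rstrip(".").lower()
    return n == ioc or n.endswith("." + ioc)

def hunt_dns(log, since=SINCE):
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        day, client, name = parts
        if date.fromisoformat(day) >= since and matches_ioc(name):
            hits.append((day, client))
    return hits

def hunt_pythonw(events, known=KNOWN_DESTS):
    hits = []
    for line in events.splitlines():
        fields = line.split(",")
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        _day, host, image, dest, port = fields
        is_pythonw = image.rsplit("\\", 1)[-1].lower() == "pythonw.exe"
        if is_pythonw and port == "443" and dest not in known:
            hits.append((host, dest))
    return hits
```

The lookalike names `notabc.haijing88.com` and `abc.haijing88.com.cdn.example` are in the sample to show why a plain substring search over-matches where a label-boundary suffix match does not.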