A sophisticated phishing campaign has recently emerged, targeting Indian air travelers by exploiting the trusted DigiYatra brand. This malicious operation involves a deceptive website, digiyatra[.]in, which masquerades as the official government-backed digital travel platform. The primary objective of this fraudulent site is to harvest sensitive personal and financial information from unsuspecting users.
The Deceptive Website
The fraudulent platform presents itself as a legitimate flight booking service, complete with professional design elements and SSL/TLS encryption to enhance its credibility. Users visiting the site encounter what appears to be a standard travel booking interface, featuring flight search functionality and promotional messaging such as "lowest fare guaranteed" and "easy booking process". Beneath this veneer of legitimacy, however, lies a data harvesting operation designed to capture names, phone numbers, email addresses, and potentially financial information from victims who believe they are interacting with an official government service.
Technical Infrastructure and Deception Mechanisms
The malicious website employs several technical elements to maintain its deceptive appearance and maximize data collection. The domain digiyatra[.]in was chosen to exactly match the legitimate DigiYatra brand name, exploiting users’ trust in the government-backed initiative. The site’s SSL certificate includes subject alternative names for both the primary domain and an app subdomain (app.digiyatra[.]in), suggesting plans to extend the impersonation to a mobile application. The website’s code reveals a carefully crafted user interface that mimics legitimate travel booking platforms while implementing data exfiltration. Rather than processing actual flight reservations, the site’s backend appears designed solely to harvest submitted personal information, which is then likely sold on dark web marketplaces or used in subsequent targeted attacks against Indian citizens.
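The certificate detail above is something a defender can check for automatically. As an added example (not code from the original article), the function below parses an X.509 subjectAltName field, reduces each hostname to its registrable domain, and flags entries that embed a protected brand term without belonging to the organisation's own domains; the allowlist entry `digiyatra-official.example` and the small suffix table are assumptions constructed for the example.

```python
import re

# Indian public suffixes that take an extra label before the registrable domain.
# Constructed for this example; a real deployment would use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.in", "gov.in", "net.in", "org.in", "ac.in"}


def registrable_domain(hostname):
    """Return the registrable (apex) domain, e.g. app.digiyatra.in -> digiyatra.in."""
    host = hostname.lower().rstrip(".")
    if host.startswith("*."):          # wildcard SAN entry
        host = host[2:]
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def parse_san(san_field):
    """Parse a textual subjectAltName ('DNS:a, DNS:b, ...') into a list of hostnames."""
    return [m.group(1) for m in re.finditer(r"DNS:\s*([^,\s]+)", san_field)]


def flag_brand_impersonation(san_field, brand_terms, allowlist):
    """Return SAN hostnames whose registrable domain contains a protected brand
    term but is not one of the organisation's own registrable domains."""
    allow = {a.lower() for a in allowlist}
    terms = [t.lower() for t in brand_terms]
    hits = []
    for host in parse_san(san_field):
        apex = registrable_domain(host)
        if apex in allow:
            continue
        if any(term in apex for term in terms):
            hits.append(host)
    return hits


if __name__ == "__main__":
    # SAN list modelled on the certificate described in the article (constructed text).
    sample_san = "DNS:digiyatra.in, DNS:app.digiyatra.in"
    # The legitimate apex domain is an assumed placeholder, not taken from the article.
    print(flag_brand_impersonation(sample_san, ["digiyatra"], ["digiyatra-official.example"]))
```

Feeding this check with SAN lists pulled from certificate transparency logs lets a brand owner spot lookalike certificates such as the one described here shortly after issuance.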
Broader Context of Cyber Threats in India
This incident is part of a larger trend of cybercriminals targeting Indian users through fake applications and websites. For instance, researchers have uncovered campaigns in which hackers create counterfeit banking apps to steal financial data from Indian users. These fraudulent apps often impersonate legitimate organizations, such as financial institutions, government services, and utilities, to trick users into installing them on their devices. Once installed, the apps exfiltrate various types of sensitive data, including personal information, banking details, payment card information, and account credentials. To gain access to victims’ devices, the hackers send phishing messages through social media platforms like WhatsApp and Telegram, often asking users to update their banking information and carrying malicious files that install the fraudulent apps. In some cases, these apps are capable of stealing credit card details, including 16-digit card numbers, CVV numbers, and card expiration dates, putting users at risk of financial fraud. The hackers invest significant effort into creating these apps, using the icons of legitimate banks and attempting to make the authentication process as realistic as possible. This tactic lulls users into a false sense of security, making them more likely to hand over their sensitive information. ([therecord.media](https://therecord.media/hackers-create-fake-banking-apps-targeting-indian-users?utm_source=openai))
Government and Industry Response
In response to the growing threat of fake applications, the Indian government has issued warnings about advanced malware targeting Android users via social media and messaging platforms. DogeRAT, an open-source Remote Access Trojan, has been detected targeting Android users located primarily in India as part of a sophisticated malware campaign. The malware is distributed via social media and messaging platforms under the guise of legitimate applications such as Opera Mini, OpenAI ChatGPT, and premium versions of YouTube, Netflix, and Instagram. Once installed on a victim’s device, it gains unauthorized access to sensitive data, including contacts, messages, and banking credentials. ([telanganatoday.com](https://telanganatoday.com/indian-govt-warns-of-malware-attacks-targeting-android-users-via-social-media?utm_source=openai))
Protective Measures for Users
To safeguard against such threats, users are advised to:
– Verify App Authenticity: Always download applications from official app stores and verify the developer’s credentials.
– Be Cautious with Links: Avoid clicking on unsolicited links received through emails, SMS, or social media platforms.
– Monitor Permissions: Regularly review the permissions requested by apps and be cautious of those that request excessive access.
– Stay Informed: Keep abreast of the latest cybersecurity threats and advisories issued by reputable sources.
By adopting these practices, users can significantly reduce the risk of falling victim to such sophisticated phishing campaigns.