The Indian Cyber Crime Coordination Centre (I4C) has warned of a sophisticated fraud campaign dubbed "Boss Scam", in which cybercriminals target senior corporate executives, compromise their devices and messaging accounts, and then use the access to trick employees into making fraudulent financial transfers.
According to I4C, the attackers initially contact chief executives and other senior officials through email and WhatsApp while impersonating officials from the Reserve Bank of India.
The messages cite alleged regulatory violations and urgent compliance deficiencies to create pressure and prompt immediate action.
The agency said the attackers deploy malware through compressed ZIP files containing an executable programme and a Dynamic Link Library (DLL) file, enabling them to gain access to the victim's device and communication channels.
"When the executive extracts and executes the file on a Windows desktop or laptop, a Trojan dropper is initiated. The malware establishes a persistent foothold, compromises the system, and hijacks the active Web WhatsApp session tokens," the I4C said in a statement.
The malware establishes persistence on the device, compromises its security controls and captures active Web WhatsApp session tokens, effectively granting attackers access to the executive's authentic messaging account. Armed with that access, fraudsters can operate from a position of unusual credibility.
Messages sent from the executive's genuine WhatsApp account are then directed to finance and accounts staff, instructing them to transfer money immediately to designated bank accounts controlled by criminal networks, it said.
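The delivery vehicle described above is a ZIP archive carrying an executable together with a DLL. The following PowerShell script is an added example written for this article, not tooling from the I4C or from any named vendor; it shows one way a mail gateway or endpoint job could screen incoming archives for that layout before a user ever extracts them. The function name `Test-SuspiciousZip`, the flagged extensions, and the two sample archives it builds in a temporary folder are all assumptions made for the demonstration.

```powershell
# Added example (not from the I4C advisory): flag ZIP attachments that ship an
# executable and a DLL side by side, the lure layout the advisory describes.
# Sample archives are constructed in a temp folder so the check runs offline.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-SuspiciousZip {
    param([Parameter(Mandatory)][string]$ZipPath)
    $zip = [System.IO.Compression.ZipFile]::OpenRead($ZipPath)
    try {
        # Directory entries have an empty Name; keep only real files.
        $names = $zip.Entries | Where-Object { $_.Name } | ForEach-Object { $_.FullName }
    } finally { $zip.Dispose() }

    # Extensions treated as directly executable by this check (assumption).
    $exe = @($names | Where-Object { $_ -match '\.(exe|scr|com|pif)$' })
    $dll = @($names | Where-Object { $_ -match '\.dll$' })

    # Windows searches the executable's own directory for DLLs first, so an EXE
    # packaged with a DLL in the same folder is the combination worth flagging.
    $sideBySide = foreach ($e in $exe) {
        $dir = Split-Path $e -Parent
        if ($dll | Where-Object { (Split-Path $_ -Parent) -eq $dir }) { $e }
    }

    [pscustomobject]@{
        Archive     = Split-Path $ZipPath -Leaf
        Executables = $exe.Count
        Libraries   = $dll.Count
        Suspicious  = [bool]$sideBySide
        Reason      = if ($sideBySide) { "EXE+DLL pair: $($sideBySide -join ', ')" } else { '' }
    }
}

# --- constructed samples: placeholder text files, not real binaries ---
$work = Join-Path ([IO.Path]::GetTempPath()) ("zipcheck-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path "$work\lure", "$work\benign" | Out-Null
Set-Content "$work\lure\notice.exe"  'placeholder, not a real binary'
Set-Content "$work\lure\helper.dll"  'placeholder, not a real library'
Set-Content "$work\benign\report.pdf" 'placeholder'
Compress-Archive -Path "$work\lure\*"   -DestinationPath "$work\lure.zip"
Compress-Archive -Path "$work\benign\*" -DestinationPath "$work\benign.zip"

# Expected: lure.zip is reported Suspicious = True, benign.zip Suspicious = False.
Test-SuspiciousZip "$work\lure.zip"
Test-SuspiciousZip "$work\benign.zip"
Remove-Item $work -Recurse -Force
```

The check inspects only archive metadata, so it is cheap enough to run on every attachment; a flagged archive should be quarantined for analyst review rather than silently dropped, since some legitimate software is also shipped as an EXE plus supporting DLLs.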
The I4C has also noted a more invasive variant where the hackers, after achieving extensive control over a device, secretly alter contact records, saving an attacker-controlled number under the name of the company's chief executive.
The I4C has asked companies to strengthen verification procedures for financial transactions and not approve urgent payments or account changes based exclusively on WhatsApp messages or emails.
The centre has recommended confirmation through direct voice calls or face-to-face verification, and has advised against installing executable files received from unverified sources.
Regulators such as the Reserve Bank of India do not distribute mandatory software updates or security patches through WhatsApp attachments, the I4C said.
"System administrators should enforce strict software restriction policies (SRP) configurations to block the execution of unknown .exe and .dll files originating from the user profile directories," it said.
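The I4C quote above names the control but not its configuration. The script below is an added example, written for this article rather than supplied by the I4C or by Microsoft, that applies a local Software Restriction Policy denying execution of .exe, .dll and other executable types from user profile directories while leaving the Windows and Program Files directories unrestricted. It writes the same `CodeIdentifiers` registry keys that the Local Security Policy editor writes; the function names (`Set-SrpGlobals`, `Add-SrpPathRule`, `Get-SrpPathRules`), the rule descriptions, and the assumption that it runs elevated on a standalone or test host are all mine. In a domain the same settings would normally be delivered through Group Policy instead of a script.

```powershell
#Requires -RunAsAdministrator
# Added example (not I4C or Microsoft code): local SRP that disallows execution
# from user profile directories. Assumes an elevated session on a test host.

$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level "Disallowed"
$Unrestricted = 262144   # SRP security level "Unrestricted" (0x40000)

function Set-SrpGlobals {
    New-Item -Path $Safer -Force | Out-Null
    # Default level Unrestricted: only the explicit Disallowed path rules block anything.
    Set-ItemProperty -Path $Safer -Name DefaultLevel        -Value $Unrestricted -Type DWord
    # 2 = enforce on all software files including libraries, so DLLs are covered.
    Set-ItemProperty -Path $Safer -Name TransparentEnabled  -Value 2 -Type DWord
    # 0 = apply to all users, including local administrators.
    Set-ItemProperty -Path $Safer -Name PolicyScope         -Value 0 -Type DWord
    Set-ItemProperty -Path $Safer -Name AuthenticodeEnabled -Value 0 -Type DWord
    # File types SRP treats as executable. ZIP itself is not one; the files
    # extracted from it are.
    $types = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA',
             'INF','INS','ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD',
             'PIF','REG','SCR','SHS','URL','VB','WSC'
    Set-ItemProperty -Path $Safer -Name ExecutableTypes -Value $types -Type MultiString
}

function Add-SrpPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][int]$Level,
        [string]$Description = ''
    )
    # Each path rule lives in a GUID-named subkey under <level>\Paths.
    $key = Join-Path $Safer "$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty -Path $key -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

function Get-SrpPathRules {
    # Verification step: list every path rule and the level it enforces.
    foreach ($level in @($Disallowed, $Unrestricted)) {
        $paths = Join-Path $Safer "$level\Paths"
        if (Test-Path $paths) {
            Get-ChildItem $paths | ForEach-Object {
                $p = Get-ItemProperty $_.PSPath
                [pscustomobject]@{ Level = $level; Path = $p.ItemData; Description = $p.Description }
            }
        }
    }
}

Set-SrpGlobals
# Standard SRP default rules: keep the OS and installed software runnable.
Add-SrpPathRule -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' `
                -Level $Unrestricted -Description 'Windows directory'
Add-SrpPathRule -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' `
                -Level $Unrestricted -Description 'Program Files'
# Deny execution under every profile (Downloads, Desktop, AppData, Public), which
# is where an extracted ZIP lands. A fixed drive path is used rather than
# %USERPROFILE% because SRP evaluates environment variables in the user's context.
Add-SrpPathRule -Path '%SystemDrive%\Users' -Level $Disallowed -Description 'Block user profile directories'

Get-SrpPathRules | Format-Table -AutoSize
# The policy is read at logon; run "gpupdate /force" to apply it immediately.
```

Before rolling this out, inventory software that installs per user under AppData (some collaboration and update agents do), and add Unrestricted path or hash rules for those vetted binaries; otherwise the Disallowed rule will break them. Blocked launches are logged to the Application event log with source SoftwareRestrictionPolicies, which doubles as a detection feed for attempts to run extracted executables.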
(With inputs from PTI)