
























Cybercriminals are targeting high-ranking officials and executives
Home Ministry’s Indian Cyber Crime Coordination Centre (I4C) on Monday cautioned against ‘Boss Scam’, a new trend in cybercrime. This is being done in the guise of a regulator or even impersonating a CEO (Chief Executive Officer).
“Cybercriminals are targeting high-ranking officials and executives by delivering malicious archives via email or WhatsApp under the guise of urgent regulatory compliance. Once executed, the malware compromises the executive’s Windows device and active web WhatsApp sessions, enabling the fraudsters to message subordinate employees and orchestrate fraudulent financial transfers,” the Centre said in an advisory.
Explaining the modus operandi, the advisory said cybercriminals contact a CEO or a high-ranking official via email or WhatsApp, impersonating regulators such as the Reserve Bank of India (RBI). The communication falsely claims regulatory violation or mandates an urgent security improvement, demanding a response within a very short timeframe. “The message contains a compressed .zip archive. Inside this archive is a malicious executable (.exe) accompanied by a Dynamic Link Library (.dll) file,” it said.
As seen in multiple cases, the CEO forwards the message to finance officer. When the executive extracts and executes the file on a Windows desktop or laptop, a Trojan dropper is initiated. The malware establishes a persistent foothold, compromises the system, and hijacks the active web WhatsApp session tokens.
“Armed with access to the executive’s real WhatsApp account, the fraudster contacts accounts or finance employees, instructing them to make immediate payments to specified mule bank accounts,” it said while adding that sometimes the scamsters also pose as CEO and use a secondary number to instruct employees into transferring funds.
To diffuse the cyberattack, I4C advised finance departments of the companies to verify the request of any urgent financial transactions or account changes based solely on a WhatsApp text or email.
Verification through a direct voice call or in-person confirmation may be done. “Do not install executables received from unknown or unverified sources. Regulators like the RBI will never distribute mandatory software updates or security fixes via WhatsApp attachments,” it said.
Further, system administrators should enforce strict software restriction policies (SRP) configurations to block the execution of unknown ‘.exe and .dll’ files originating from the user profile directories. Regularly audit authorised devices within one’s mobile WhatsApp application (Settings>Linked Devices) and proactively log out of any web WhatsApp sessions that are no longer actively monitored.
“Ensure Windows endpoints are equipped with up-to-date solutions that detect malwares,” it said, while adding that any such incidence should be reported on phone number 1930. Alternatively same can be mailed to www.cybercrime.gov.in.
Published on June 22, 2026
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。