#FactCheck : AI Video Falsely Shows Iran Destroying Israeli Military Base

Executive Summary:

Recently, CyberPeace faced a case involving a fraudulent Android application imitating the Punjab National Bank (PNB). The victim was tricked into downloading an APK file named "PNB.apk" via WhatsApp. After the victim installed the apk file, it resulted in unauthorized multiple transactions on multiple credit cards.

Case Study: The Attack: Social Engineering Meets Malware

The incident started when the victim clicked on a Facebook ad for a PNB credit card. After submitting basic personal information, the victim receives a WhatsApp call from a profile displaying the PNB logo. The attacker, posing as a bank representative, fakes the benefits and features of the Credit Card and convinces the victim to install an application named PNB.apk.  The so called bank representative sent the app through WhatsApp, claiming it would expedite the credit card application. The application was installed in the mobile device as a customer care application. It asks for permissions such as  to send or view SMS messages. The application opens only if the user provides this permission. 

‍

It extracts the credit card details from the user such as Full Name, Mobile Number, complain, on further pages irrespective of  Refund, Pay or Other. On further processing, it asks for other information such as credit card number, expiry date and cvv number. 

‍

Now the scammer has access to all the details of the credit card information, access to read or view the sms to intercept OTPs. 

The victim, thinking they were securely navigating the official PNB website, was unaware that the malware was granting the hacker remote access to their phone. This led to ₹4 lakhs worth of 11 unauthorized transactions across three credit cards.

The Investigation & Analysis:

Upon receiving the case through CyberPeace helpline, the CyberPeace Research Team acted swiftly to neutralize the threat and secure the victim’s device. Using a secure remote access tool, we gained control of the phone with the victim’s consent. Our first step was identifying and removing the malicious "PNB.apk" file, ensuring no residual malware was left behind. 

Next, we implemented crucial cyber hygiene practices:

1. Revoking unnecessary permissions – to prevent further unauthorized access.
2. Running antivirus scans – to detect any remaining threats.
3. Clearing sensitive data caches – to remove stored credentials and tokens.

The CyberPeace Helpline team assisted the victim to report the fraud to the National Cybercrime Portal and helpline (1930) and promptly blocked the compromised credit cards.

The technical analysis for the app was taken ahead and by using the md5 hash file id. This app was marked as malware in virustotal and it has all the permissions such as Send/Receive/Read SMS, System Alert Window.  

‍

In the similar way, we have found another application in the name of “Axis Bank” which is circulated through whatsapp which is having similar permission access and the details found in virus total are as follows:

‍

‍

‍

Recommendations:

This case study implies the increasingly sophisticated methods used by cybercriminals, blending social engineering with advanced malware. Key lessons include:

• Be vigilant when downloading the applications, even if they appear to be from legitimate sources. It is advised to install any application after checking through an application store and not through any social media. 
• Always review app permissions before granting access.
• Verify the identity of anyone claiming to represent financial institutions.
• Use remote access tools responsibly for effective intervention during a cyber incident.

By acting quickly and following the proper protocols, we successfully secured the victim’s device and prevented further financial loss.

‍

Introduction

‍

Meta has announced that E2EE in Instagram direct messages is ending entirely. Every day, billions of people send messages they consider private. A medical update to a family member. A photograph meant for one person. A conversation they would never have in public. For years, end-to-end encryption (E2EE) was the technology that made that privacy possible: the digital equivalent of a sealed envelope that only the sender and receiver could open. After May 8, 2026, this will change. 

‍

Understanding the Adoption Gap

‍

Meta pointed to low user adoption as the reason for this change. Few people were using encrypted messaging on Instagram, the company said, so the feature was not worth keeping. That explanation raises some questions. Encryption was never switched on by default. Users had to find it and turn it on themselves. It was not advertised. And it was only available in certain regions to begin with, something Meta noted on its own Help Centre page. Features that require users to actively seek them out tend to get used far less than those that simply work from the start. WhatsApp demonstrates this clearly; encryption has been on by default since 2016, for every user, with no action required. Back in 2019, Mark Zuckerberg spoke publicly about building privacy into Meta’s messaging platforms as a core direction for the company.  The current decision shows a different vision for the company.

‍

The Commercial Dimension

‍

Encrypted message content is not accessible for advertising purposes by design. In December 2025, Meta updated its privacy policy to allow interactions with its Meta AI assistant to inform personalized advertising recommendations across its platforms. With encryption removed from Instagram direct messages, the content of those conversations enters a data environment that already serves Meta’s advertising systems. Meta has not made a direct public statement connecting these two decisions, but technology analysts and privacy researchers have noted the commercial implications of making previously inaccessible message content available within that ecosystem.

‍

What This Means for Users

‍

From May 8, 2026, the content of Instagram direct messages will be accessible to Meta’s systems. This includes messages relating to personal matters that users may have previously sent under the assumption of encryption. A related concern is the question of data security. Unencrypted message content stored on platform servers creates a larger surface area of sensitive information that could be exposed in the event of a security breach. As platforms collect and retain greater volumes of personal data, the potential consequences of unauthorised access grow correspondingly. 

But, there is an argument on the other side. Law enforcement agencies and child safety organisations have long maintained that end-to-end encryption limits their ability to detect and act on harmful content. Removing encryption does make certain forms of platform-level content moderation technically feasible where they were not before.

‍

India’s Supreme Court: The Warning Nobody Heeded

‍

India’s Supreme Court said it plainly when hearing the case against Meta’s 2021 WhatsApp privacy policy, which forced hundreds of millions of users to accept data sharing with Facebook or lose access entirely. Chief Justice Surya Kant called it “a decent way of committing theft of private information” and asked how ordinary people could meaningfully consent to policies written in language they cannot understand. He made it human with one line: “A poor woman selling fruits on the streets — will she understand the terms of your policy?” The court ordered Meta not to share a single word of user data until the case is resolved. When Meta’s lawyers argued that encryption protects users anyway, the bench pushed back: encryption protects message content, not the metadata surrounding it. Who you talk to, how often, at what time, from where: all of it is still harvested. The Competition Commission’s own advocate summarised the entire arrangement in four words: “We are the products.”

‍

WhatsApp: A Question Worth Asking

‍

Instagram, Messenger, and WhatsApp are three products inside one ecosystem, owned by Meta, serving one business model. Instagram’s encryption is already gone. Is WhatsApp next in line ?

WhatsApp has over 850 million monthly active users in India alone. People do not use it for entertainment, it is how families talk, how businesses run, how essential daily communication happens. It is infrastructure, not an app. Meta acquired it in 2014 promising no ads, no data exploitation. By 2021 that promise was already bending. By 2025 ads appeared in the Status section. Both original co-founders had long since left the company over exactly these concerns. Instagram’s encryption survived until it conflicted with revenue and regulation. WhatsApp’s encryption exists today under the same ownership, the same business model, and the same tightening global regulatory pressure. That is not a reason to panic. It is a reason to pay attention.

‍

Conclusion

‍

Encryption is not permanent. It is a design choice, and like any design choice, it can be undone when priorities shift. After May 8, 2026, Instagram direct messages will no longer be protected the way they once were. For most users, this change will pass unnoticed. But the data those conversations contain will now be accessible in ways it previously was not. What platforms do with user data is rarely announced loudly. Paying attention to the quiet changes matters.

‍

References 

‍

1. https://help.instagram.com/491565145294150
2. https://www.theguardian.com/technology/2026/mar/18/instagram-to-remove-end-to-end-encryption-for-private-messages-in-may
3. https://www.androidpolice.com/why-meta-is-getting-rid-of-e2ee/
4. https://digitalpolicyalert.org/change/13307
5. https://www.skadden.com/insights/publications/2025/06/take-it-down-act
6. https://timesofindia.indiatimes.com/india/you-cant-play-with-right-of-privacy-of-citizens-scs-big-warning-to-whatsapp-meta-over-take-it-or-leave-it-policy/articleshow/127878524.cms#
7. https://proton.me/blog/instagram-end-to-end-encryption
8. https://www.forbes.com/sites/parmyolson/2018/09/26/exclusive-whatsapp-cofounder-brian-acton-gives-the-inside-story-on-deletefacebook-and-why-he-left-850-million-behind/

‍

Introduction

Data Breaches have taken over cyberspace as one of the rising issues, these data breaches result in personal data making its way toward cybercriminals who use this data for no good. As netizens, it's our digital responsibility to be cognizant of our data and the data of one's organization. The increase in internet and technology penetration has made people move to cyberspace at a rapid pace, however, awareness regarding the same needs to be inculcated to maximise the data safety of netizens. The recent AIIMS cyber breach has got many organisations worried about their cyber safety and security. According to the HIPPA Journal, 66% of healthcare organizations reported ransomware attacks on them. Data management and security is the prime aspect of clients all across the industry and is now growing into a concern for many. The data is primarily classified into three broad terms-

• Personal Identified Information (PII) - Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
• Non-Public Information (NPI) - The personal information of an individual that is not and should not be available to the public. This includes Social Security Numbers, bank information, other personal identifiable financial information, and certain transactions with financial institutions.
• Material Non-Public Information (MNPI) - Data relating to a company that has not been made public but could have an impact on its share price. It is against the law for holders of nonpublic material information to use the information to their advantage in trading stocks.

This classification of data allows the industry to manage and secure data effectively and efficiently and at the same time, this allows the user to understand the uses of their data and its intensity in case of breach of data. Organisations process data that is a combination of the above-mentioned classifications and hence in instances of data breach this becomes a critical aspect. Coming back to the AIIMS data breach, it is a known fact that AIIMS is also an educational and research institution. So, one might assume that the reason for any attack on AIIMS could be either to exfiltrate patient data or could be to obtain hands-on the R & D data including research-related intellectual properties. If we postulate the latter, we could also imagine that other educational institutes of higher learning such as IITs, IISc, ISI, IISERs, IIITs, NITs, and some of the significant state universities could also be targeted. In 2021, the Ministry of Home Affairs through the Ministry of Education sent a directive to IITs and many other institutes to take certain steps related to cyber security measures and to create SoPs to establish efficient data management practices. The following sectors are critical in terms of data protection-

• Health sector
• Financial sector
• Education sector
• Automobile sector

These sectors are generally targeted by bad actors and often data breach from these sectors result in cyber crimes as the data is soon made available on Darkweb. These institutions need to practice compliance like any other corporate house as the end user here is the netizen and his/her data is of utmost importance in terms of protection.Organisations in today's time need to be in coherence to the advancement in cyberspace to find out keen shortcomings and vulnerabilities they may face and subsequently create safeguards for the same. The AIIMS breach is an example to learn from so that we can protect other organisations from such cyber attacks. To showcase strong and impenetrable cyber security every organisation should be able to answer these questions-

• Do you have a centralized cyber asset inventory?
• Do you have human resources that are trained to model possible cyber threats and cyber risk assessment?
• Have you ever undertaken a business continuity and resilience study of your institutional digitalized business processes?
• Do you have a formal vulnerability management system that enumerates vulnerabilities in your cyber assets and a patch management system that patches freshly discovered vulnerabilities?
• Do you have a formal configuration assessment and management system that checks the configuration of all your cyber assets and security tools (firewalls, antivirus management, proxy services) regularly to ensure they are most securely configured?
• Do have a segmented network such that your most critical assets (servers, databases, HPC resources, etc.) are in a separate network that is access-controlled and only people with proper permission can access?
• Do you have a cyber security policy that spells out the policies regarding the usage of cyber assets, protection of cyber assets, monitoring of cyber assets, authentication and access control policies, and asset lifecycle management strategies?
• Do you have a business continuity and cyber crisis management plan in place which is regularly exercised like fire drills so that in cases of exigencies such plans can easily be followed, and all stakeholders are properly trained to do their part during such emergencies?
• Do you have multi-factor authentication for all users implemented?
• Do you have a supply chain security policy for applications that are supplied by vendors? Do you have a vendor access policy that disallows providing network access to vendors for configuration, updates, etc?
• Do you have regular penetration testing of the cyberinfrastructure of the organization with proper red-teaming?
• Do you have a bug-bounty program for students who could report vulnerabilities they discover in your cyber infrastructure and get rewarded?
• Do you have an endpoint security monitoring tool mandatory for all critical endpoints such as database servers, application servers, and other important cyber assets?
• Do have a continuous network monitoring and alert generation tool installed?
• Do you have a comprehensive cyber security strategy that is reflected in your cyber security policy document?
• Do you regularly receive cyber security incidents (including small, medium, or high severity incidents, network scanning, etc) updates from your cyber security team in order to ensure that top management is aware of the situation on the ground?
• Do you have regular cyber security skills training for your cyber security team and your IT/OT engineers and employees?
• Do your top management show adequate support, and hold the cyber security team accountable on a regular basis?
• Do you have a proper and vetted backup and restoration policy and practice?

If any organisation has definite answers to these questions, it is safe to say that they have strong cyber security, these questions should not be taken as a comparison but as a checklist by various organisations to be up to date in regard to the technical measures and policies related to cyber security. Having a strong cyber security posture does not drive the cyber security risk to zero but it helps to reduce the risk and improves the fighting chance. Further, if a proper risk assessment is regularly carried out and high-risk cyber assets are properly protected, then the damages resulting from cyber attacks can be contained to a large extent.