#Fact Old image of Hindu Priest with Donald trump at White house goes viral as recent.

Introduction

The Reserve Bank of India (RBI) has mandated banks to switch their digital banking domains to 'Bank.in' by October 31, 2025, as part of a strategy to modernise the sector and maintain consumer confidence. The move is expected to provide a consistent and secure interface for online banking, as a response to the increasing threats posed by cybercriminals who exploit vulnerabilities in online platforms. The RBI's directive is seen as a proactive measure to address the growing concerns over cybersecurity in the banking sector.

RBI  Circular - Migration to '.bank.in' domain

The official circular released by the RBI dated April 22, 2025, read as follows:

“It has now been decided to operationalise the ‘. bank.in’ domain for banks through the Institute for Development and Research in Banking Technology (IDRBT), which has been authorised by National Internet Exchange of India (NIXI), under the aegis of the Ministry of Electronics and Information Technology (MeitY), to serve as the exclusive registrar for this domain. Banks may contact IDRBT at sahyog@idrbt.ac.in to initiate the registration process. IDRBT shall guide the banks on various aspects related to application process and migration to new domain.”

“All banks are advised to commence the migration of their existing domains to the ‘.bank.in’ domain and complete the process at the earliest and in any case, not later than October 31, 2025.”

CyberPeace Outlook

The Reserve Bank of India's directive mandating banks to shift to the 'Bank.in' domain by October 31, 2025, represents a strategic and forward-looking measure to modernise the nation’s digital banking infrastructure. With this initiative, the RBI is setting a new benchmark in cybersecurity by creating a trusted, exclusive domain that banks must adopt. This move will drastically reduce cyber threats, phishing attacks, and fake banking websites, which have been major sources of financial fraud. This fixed domain will simplify verification for consumers and tech platforms to more easily identify legitimate banking websites and apps.  Furthermore, a strong drop in online financial fraud will have a long-term effect by this order.  Since phishing and domain spoofing are two of the most prevalent forms of cybercrime, a shift to a strictly regulated domain name system will remove the potential for lookalike URLs and fraudulent websites that mimic banks. As India’s digital economy grows, RBI’s move is timely, essential, and future-ready.

References

• https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=12837&Mode=0

‍

Disclaimer:

‍

This report is the collaborative outcome of insights derived from the CyberPeace Helpline’s operational statistics and the CyberPeace Research Team, covering the monthly helpline case trends of May 2025, the report identifies recurring trends, operational challenges, and strategic opportunities. The objective is to foster research-driven solutions that enhance the overall efficacy of the helpline. 

‍

Executive Summary:

‍

This report summarizes the cybercrime cases reported in May, offering insights into case types, gender distribution, resolution status, and geographic trends.

As per our analysis, out of various Cyber Frauds Financial Fraud was the most reported issue, making up 43% of cases, followed by Cyberbullying (26%) and Impersonation (14%). Less frequent but serious issues included Sexual Harassment, Sextortion, Hacking, Data Tampering, and Cyber Defamation, each accounting for 3–6%, highlighting a mix of financial and behavioral threats.The gender distribution was fairly balanced, with 51% male and 49% female respondents. While both genders were affected by major crimes like financial fraud and cyber bullying, some categories—such as sexual harassment—reflected more gender-specific risks, indicating the need for gender-responsive policies and support.

Regarding case status, 60% remain under follow-up while 40% have been resolved, reflecting strong case-handling efforts by the team.

The location-wise data shows higher case concentrations in Uttar Pradesh, Andhra Pradesh, Karnataka, and West Bengal, with significant reports also from Delhi, Telangana, Maharashtra, and Odisha. Reports from the northeastern and eastern states confirm the nationwide spread of cyber incidents.In conclusion, the findings point to a growing need for enhanced cybersecurity awareness, preventive strategies, and robust digital safeguards to address the evolving cyber threat landscape across India.

‍

Cases Received in May:

‍

As per the given dataset, the following types of cases were reported to our team during the month of May:

‍

• 💰 Financial Fraud – 43%
• 💬 Cyber Bullying – 26%
• 🕵️‍♂️ Impersonation – 14%
• 🚫 Sexual Harassment – 6%
• 📸 Sextortion – 3%
• 💻 Hacking – 3%
• 📝 Data Tampering – 3%
• 🗣️ Cyber Defamation – 3%

‍

‍

‍

The chart illustrates various cybercrime categories and their occurrence rates. Financial Fraud emerges as the most common, accounting for 43% of cases, highlighting the critical need for stronger digital financial security. This is followed by Cyber Bullying at 26%, reflecting growing concerns around online harassment, especially among youth. Impersonation ranks third with 14%, involving identity misuse for deceitful purposes. Less frequent but still serious crimes such as Sexual Harassment (6%), Sextortion, Hacking, Data Tampering, and Cyber Defamation (each 3%) also pose significant risks to users’ privacy and safety. Overall, the data underscores the need for improved cybersecurity awareness, legal safeguards, and preventive measures to address both financial and behavioral threats in the digital space.

‍

Gender-Wise Distribution:

‍

• 👨 Male – 51%
• 👩 Female – 49%

‍

‍

‍

The chart illustrates the distribution of respondents by gender. The data shows that Male participants make up 51% of the total, while Female participants account for 49%. This indicates a fairly balanced representation of both genders, with a slight majority of male respondents.

‍

Gender-Wise Case Distribution:

‍

‍

‍

‍

‍

1. The chart presents a gender-wise distribution of various cybercrime cases, offering a comparative view of how different types of cyber incidents affect males and females.
2. It highlights that both genders are significantly impacted by cybercrimes such as financial fraud and cyber bullying, indicating a widespread risk across the board.
3. Certain categories, including sexual harassment, cyber defamation, and hacking, show more gender-specific patterns of victimization, pointing to differing vulnerabilities.
4. The data suggests the need for gender-sensitive policies and preventive measures to effectively address the unique risks faced by males and females in the digital space.
5. These insights can inform the design of tailored awareness programs, support services, and intervention strategies aimed at improving cybersecurity for all individuals.

‍

‍Major Location Wise Distribution:

‍

The map visualization displays location-wise distribution of reported cases across India. The cases reflect the cyber-related incidents or cases mapped geographically.

‍

‍

The map highlights the regional distribution of cybercrime cases across Indian states, with a higher concentration in Uttar Pradesh, Andhra Pradesh, Karnataka, and West Bengal. States like Delhi, Telangana, Maharashtra, and Odisha also show notable activity, indicating widespread cyber threats. Regions including Assam, Tripura, Bihar, Jharkhand, and Jammu & Kashmir further reflect the pan-India spread of such incidents. This distribution stresses the need for targeted cybersecurity awareness and stronger digital safeguards nationwide

‍

CyberPeace Advisory:

‍

• Use Strong and Unique Passwords: Create complex passwords using a mix of letters, numbers, and symbols. Avoid reusing the same password across multiple platforms.
  
• Enable Multi-Factor Authentication (MFA): Add an extra layer of security by using a second verification step like an OTP or authentication app.
  
• Keep Software Updated: Regularly update your operating system, apps, and security tools to protect against known vulnerabilities.
  
• Install Trusted Security Software: Use reliable antivirus and anti-malware programs to detect and block threats.
  
• Limit Information Sharing: Be cautious about sharing personal or sensitive details, especially on social media or public platforms.
  
• Secure Your Network: Protect your Wi-Fi with a strong password and encryption. Avoid accessing confidential information on public networks.
  
• Back Up Important Data: Regularly save copies of important files in secure storage to prevent data loss in case of an attack.
  
• Stay Informed with Cybersecurity Training: Learn how to identify scams, phishing attempts, and other online threats through regular awareness sessions.
  
• Control Access to Data: Give access to sensitive information only to those who need it, based on their job roles.
• ‍Monitor and Respond to Threats: Continuously monitor systems for unusual activity and have a clear response plan for handling security incidents.

‍

• CyberPeace Helpline mail ID:  helpline@cyberpeace.net
• CyberPeace Helpline Number:  9570000066
• Central Government Helpline: https://cybercrime.gov.in/
• Central Government Helpline Number: 1930

‍

Conclusion

The cybercrime cases reported in May highlight a diverse and evolving threat landscape across India. Financial fraud, cyber bullying, and impersonation are the most prevalent, affecting both genders almost equally, though some crimes like sexual harassment call for targeted gender-sensitive measures. With 60% of cases still under follow-up, the team’s efforts in investigation and resolution remain strong. Geographically, cyber incidents are widespread, with higher concentrations in several key states, demonstrating that no region is immune. These findings underscore the urgent need to enhance cybersecurity awareness, strengthen preventive strategies, and build robust digital safeguards. Proactive and inclusive approaches are essential to protect individuals and communities and to address the growing challenges posed by cybercrime nationwide.

‍

Executive Summary:

QakBot, a particular kind of banking trojan virus, is capable of stealing personal data, banking passwords, and session data from a user's computer. Since its first discovery in 2009, Qakbot has had substantial modifications.

C2 Server commands infected devices and receives stolen data, which is essentially the brain behind Qakbot's operations.Qakbot employs PEDLL (Communication Files), a malicious program, to interact with the server in order to accomplish its main goals. Sensitive data, including passwords or personal information, is taken from the victims and sent to the C2 server. Referrer files start the main line of communication between Qakbot and the C2 server, such as phishing papers or malware droppers. WHOIS data includes registration details for this server, which helps to identify its ownership or place of origin.

This report specifically focuses on the C2 server infrastructure located in India, shedding light on its architecture, communication patterns, and threat landscape.

Introduction:

QakBot is also known as Pinkslipbot, QuakBot, and QBot, capable of stealing personal data, banking passwords, and session data from a user's computer. Malware is bad since it spreads very quickly to other networks, affecting them like a worm.,It employs contemporary methods like web injection to eavesdrop on customer online banking interactions. Qakbot is a member of a kind of malware that has robust persistence techniques, which are said to be the most advanced in order to gain access to compromised computers for extended periods of time.
‍

Technical Analysis: 

The following IP addresses have been confirmed as active C2 servers supporting Qbot malware activity:

‍

Sample IP's

• 123.201.40[.]112
• 117.198.151[.]182
• 103.250.38[.]115
• 49.33.237[.]65
• 202.134.178[.]157
• 124.123.42[.]115
• 115.96.64[.]9
• 123.201.44[.]86
• 117.202.161[.]73
• 136.232.254[.]46

These servers have been operational in the past 14 days (report created in the month of Nov) and are being leveraged to perpetuate malicious activities globally.

URL/IP: 123.201.40[.]112

• inetnum: 123.201.32[.]0 - 123.201.47[.]255
• netname: YOUTELE
• descr: YOU Telecom India Pvt Ltd
• country: IN
• admin-c: HA348-AP
• tech-c: NI23-AP
• status: ASSIGNED NON-PORTABLE 
• mnt-by: MAINT-IN-YOU
• last-modified: 2022-08-16T06:43:19Z
• mnt-irt: IRT-IN-YOU
• source: APNIC
• irt: IRT-IN-YOU
• address: YOU Broadband India Limited
• address: 2nd Floor, Millennium Arcade
• address: Opp. Samarth Park, Adajan-Hazira Road
• address: Surat-395009,Gujarat
• address: India
• e-mail: abuse@youbroadband.co.in
• abuse-mailbox: abuse@youbroadband.co.in 
• admin-c: HA348-AP
• tech-c: NI23-AP
• auth: # Filtered
• mnt-by: MAINT-IN-YOU
• last-modified: 2022-08-08T10:30:51Z
• source: APNIC
• person: Harindra Akbari
• nic-hdl: HA348-AP
• e-mail: harindra.akbari@youbroadband.co.in
• address: YOU Broadband India Limited
• address: 2nd Floor, Millennium Arcade
• address: Opp. Samarth Park, Adajan-Hazira Road
• address: Surat-395009,Gujarat
• address: India
• phone: +91-261-7113400
• fax-no: +91-261-2789501
• country: IN
• mnt-by: MAINT-IN-YOU
• last-modified: 2022-08-10T11:01:47Z
• source: APNIC
• person: NOC IQARA
• nic-hdl: NI23-AP
• e-mail: network@youbroadband.co.in
• address: YOU Broadband India Limited
• address: 2nd Floor, Millennium Arcade
• address: Opp. Samarth Park, Adajan-Hazira Road
• address: Surat-395009,Gujarat
• address: India
• phone: +91-261-7113400
• fax-no: +91-261-2789501
• country: IN
• mnt-by: MAINT-IN-YOU
• last-modified: 2022-08-08T10:18:09Z
• source: APNIC
• route: 123.201.40.0/24
• descr: YOU Broadband & Cable India Ltd.
• origin: AS18207
• mnt-lower: MAINT-IN-YOU
• mnt-routes: MAINT-IN-YOU
• mnt-by: MAINT-IN-YOU
• last-modified: 2012-01-25T11:25:55Z
• source: APNIC

IP 123.201.40[.]112 uses the requested URL-path to make a GET request on the IP-address at port 80. "NOT RESPONDED" is the response status code for the request "C:\PROGRAM FILES GOOGLE CHROME APPLICATION CHROME.EXE" that was started by the process. 

Programs that retrieve their server data using a GET request are considered legitimate. The Google Chrome browser, a fully functional application widely used for web browsing, was used to make the actual request. It asks to get access to the server with IP 123.201.40[.]112 in order to collect its data and other resources. 

Malware uses GET requests to retrieve more commands or to send data back to the command and control servers. In this instance, it may be an attack server making the request to a known IP address with a known port number. Since the server has not replied to the request, the response status "NOT RESPONDED" may indicate that the activity was carried out with malicious intent.

This graph illustrates how the Qakbot virus operates and interacts with its C2 server, located in India and with the IP address 123.201.40[.]112. 

Impact

Qbot is a kind of malware that is typically distributed through hacked websites, malicious email attachments, and phishing operations. It targets private user information, including corporate logins or banking passwords. The deployment of ransomware: Payloads from organizations such as ProLock and Egregor ransomware are delivered by Qbot, a predecessor. Network Vulnerability: Within corporate networks, compromised systems will act as gateways for more lateral movement.

Proposed Recommendations for Mitigation

• Quick Action: To stop any incoming or outgoing traffic, the discovered IP addresses will be added to intrusion detection/prevention systems and firewalls.
• Network monitoring: Examining network log information for any attempts to get in touch with these IPs
• Email security: Give permission for anti-phishing programs.
• Endpoint Protection: To identify and stop Qbot infestations, update antivirus definitions.,Install tools for endpoint detection and response.
• Patch management: To reduce vulnerabilities that Qbot exploits, update all operating systems and software on a regular basis.
• Incident Response: Immediately isolate compromised computers.
• Awareness: Dissemination of this information to block the IP addresses of active C2 servers supporting Qbot malware activity has to be carried out.

Conclusion:

The discovery of these C2 servers reveals the growing danger scenario that Indian networks must contend with. To protect its infrastructure from future abuse, organizations are urged to act quickly and put the aforementioned precautions into place. 

Reference: 

• Threat Intelligence - ANY.RUN
• https://www.virustotal.com/gui
• https://www.virustotal.com/gui/ip-address/123.201.40.112/relations

‍