While investigating a case of cyber fraud in mid-December 2024, IPS officer Raghvendra Sharma, the ASP of Jamtara district in Jharkhand, stumbled upon a name that piqued his interest – “DK Boss”.
“I remember noticing the same name on another case,” he recalled.
Just a week earlier, in another seemingly unconnected case of cybercrime, police had detained a suspect whose questioning revealed that his modus operandi was distributing malicious Android package kits (APKs) that are used to install apps designed to steal data.
When ASP Sharma examined the suspect’s phone and scrutinised his WhatsApp chats, he found that these APKs were sold to the man by someone who went by the alias DK Boss. “The seller’s WhatsApp display picture was just the words ‘DK Boss’ written out, and the profile description said ‘contact for any APK or panel’,” Sharma recalled.
Police said that when they ran the WhatsApp number through telecom operators, they found it was registered under the name of someone unconnected with the incidents. “The person using the messaging app had fraudulently gained access to it (the number) for the purpose of selling APKs,” said the ASP. When the name cropped up again in a different case a few days later, police started looking for it in more cases.
The common thread
Since then, police have found that DK Boss is a common thread in several cybercrime cases. A full-scale probe was launched, headed by ASP Sharma and DSP Chandra Shekhar, and supervised by SP Ehtesham Waquarib, to trace DK Boss.
On January 25, after a month-long operation, the team unveiled a “sophisticated and well-organised criminal syndicate”, and arrested not one, but three different people who went by “DK Boss”, as well as three accomplices.
“The probe wasn’t straightforward,” said the ASP. “Initially, we interrogated several criminals who had used the fake apps developed by DK Boss to scam people, but each of them claimed they did not know his real identity.” What was clear, however, was that DK Boss’s apps were “well-regarded within the cybercrime world owing to their flawless design and functionality”, he said.
Many DK Bosses
During the investigation, police came across about 10-15 fake phone numbers, each using WhatsApp profiles of “DK Boss” and selling the malicious apps, through APKs, to cyber criminals.
A breakthrough came when the police arrested one Akhtar. “He was found using an old phone of his relative’s – Aarif Ansari – to sell APKs,” Sharma said. Akhtar then revealed that three people – Aarif, Mahboob Alam and Sk Belal – were behind the DK Boss alias.
Further investigations tracked them to Haryana and then Kashmir, before the probe team received a tip that the suspects were back in Jamtara.
Acting on the information, police set a trap at Kenduatanr village in the Narayanpur area. They camped there from the early hours of January 24, and by night the next day, they had identified two cars the suspects were travelling in and arrested all six occupants. They were Mahboob Alam (25), Safauddin Ansari (26), Aarif Ansari (27), Jashim Ansari (30), Sk Belal (27), and Ajay Mandal (28).
Identical apps
According to police, the questioning of these arrested suspects revealed the layers of sophistication in their operation.
“Mehboob, Aarif, and Belal developed the malicious apps, while Mandal distributed and sold them,” said SP Waquarib. Safauddin and Jashim arranged bank accounts to launder the stolen money.
The officer said that these “malicious apps” mimicked legitimate banking and government apps, like those of the State Bank of India, Canara Bank, Punjab National Bank, Axis Bank, PM Kisan Yojana, and PM Fasal Bima Yojana.
“They seemed identical to the official banking and government apps,” said the SP.
Unlike conventional scams that trick victims into revealing OTPs, these apps give the scammers remote access to the victims’ phones.
“Once installed, the apps will request various phone permissions. If granted, the scammers can remotely access the victim’s phone – text messages, phone calls, banking apps. The scammers then don’t need to ask victims for OTPs as they can access the OTPs themselves,” the SP explained.
Chain reaction
ASP Sharma said that ground-level agents “shoot” (send in bulk) these APKs to thousands of people at a time. “Their idea is simple: even if only a small percentage of recipients install the apps, it would result in financial gains of lakhs,” he said.
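The permission pattern the SP describes (an app posing as a bank or government service that asks for SMS and call access so the operator can read OTPs directly) is something a fraud-response or app-vetting team can triage mechanically from an APK's decoded manifest. The script below is an added example written for this article, not tooling from the police, the CID or any vendor: it parses a constructed AndroidManifest.xml, groups the requested permissions into OTP-interception, contact-spreading and call-access signals, checks the app label against the bank and scheme names the article lists, and rates the combination. The permission names are real Android ones; the groupings, the brand keyword list and the sample manifest are assumptions made for the example.

```python
"""Permission triage for a sideloaded Android APK manifest.

Added example, not code from the article or any investigating agency.
Input is the decoded AndroidManifest.xml (e.g. as produced by an APK
decompiler); output is a severity and the reasons behind it.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names; the grouping below is our own assumption
# based on the behaviour the article describes (read OTP SMS, reach contacts,
# see calls).
OTP_INTERCEPT = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
SPREAD = {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS"}
CALLS = {"android.permission.READ_CALL_LOG", "android.permission.READ_PHONE_STATE"}

# Brand keywords taken from the banks and schemes named in the article.
# A real deployment would pair this with an allowlist of the official
# package names, which the article does not give, so none is assumed here.
BRANDS = ("sbi", "state bank", "canara", "pnb", "punjab national", "axis",
          "kisan", "fasal")

# Constructed sample manifest shaped like the fake apps the article describes.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application android:label="PNB Rewards Update"/>
</manifest>
"""

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>
"""


def parse_manifest(xml_text):
    """Return package name, app label and the set of requested permissions."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    app = root.find("application")
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""
    return {"package": root.get("package", ""), "label": label,
            "permissions": perms}


def triage(manifest):
    """Rate a manifest: ('low' | 'medium' | 'high', list of findings)."""
    perms = manifest["permissions"]
    findings = []
    if OTP_INTERCEPT & perms:
        findings.append("otp-interception: " + ", ".join(sorted(OTP_INTERCEPT & perms)))
    if SPREAD & perms:
        findings.append("contact-spreading: " + ", ".join(sorted(SPREAD & perms)))
    if CALLS & perms:
        findings.append("call-access: " + ", ".join(sorted(CALLS & perms)))
    label = manifest["label"].lower()
    if any(brand in label for brand in BRANDS):
        findings.append("brand-impersonation: label %r names a bank or scheme"
                        % manifest["label"])
    # SMS access on its own is not proof; SMS access plus any second signal
    # (spreading, calls or a bank-branded label) is the pattern described.
    if OTP_INTERCEPT & perms and len(findings) >= 2:
        severity = "high"
    elif findings:
        severity = "medium"
    else:
        severity = "low"
    return severity, findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        sev, why = triage(parse_manifest(text))
        print(name, sev, why)
```

Running it rates the constructed sample "high" with four findings and the benign manifest "low" with none. The rating deliberately needs two independent signals before it says "high", since a legitimate SMS app also asks for READ_SMS; a bank-branded label combined with SMS interception is what matches the article's description.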
The ASP said that once a phone is hacked, it is used to scam more people in the victim’s contact list. “Once they get access to one phone, they remotely log into WhatsApp and send the APK to the victim’s contacts and groups asking them to install it. If one of them does, then this continues in a chain reaction.”
From the arrested suspects, police also recovered a spreadsheet with details of about 2,000 Punjab National Bank and 500 Canara Bank account holders. “The scammers sent specific fake apps to specific victims, matching their data, to make the scam look more credible,” said Sharma.
To move the stolen money, the accused used dummy bank accounts procured, for a commission, from labour contractors who use their workers’ Aadhaar cards to open such accounts, the ASP said, adding that the scammers would never use one bank account for more than 8-10 days.
From small-time to the big leagues
Sharma said all the six arrested had stopped studies after class 10 and 12 and were “small-time cyber fraudsters” before they came in contact, between April and June 2023, with a software engineer who “gave them online tutorials on app development”.
The group used the Java programming language to create these apps and the generative AI-based chatbot ChatGPT to fine-tune it. “If any issues were found, they would use ChatGPT to generate new code that would bypass antivirus checks,” he said.
The group also took extreme precautions to avoid being tracked. “They often changed locations and used random open fields for their operations. To further hide their tracks, they only used encrypted communication through WhatsApp accounts that were made using fake SIM cards, preventing phone tracing,” Sharma explained.
Fourteen mobile phones, 23 SIM cards, 10 ATM cards, one laptop, two cars, Rs 1,08,800 in cash, a DSLR camera, and a drone were recovered from the accused, SP Waquarib said.
“Over 100 malicious APKs” and a centralised panel to control them were recovered on their devices, according to the SP.
Analysing these with the help of the Jharkhand CID’s tech support team and the Indian Cyber Crime Coordination Centre, police made further discoveries.
“From the centralised panel, we recovered data of over 2,700 victims, including more than 2,70,000 messages (OTPs and banking transaction details),” Waquarib said. Many more such panels were previously operated by the accused, police suspect.
The SP said the six accused have so far been linked to over 415 cybercrime complaints across India with a total defrauded amount estimated at over Rs 11 crore.
“As their network was involved not just in directly defrauding thousands of people, but also in supplying these malicious apps to other cybercriminals, the amount defrauded through their operations could be much bigger,” he said.
Police are now looking into the full scale of the operation and are making efforts to track down the remaining members of the network.