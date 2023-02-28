Mumbai: The West Region cyber police, probing the interstate cybercrime racket busted last month, have found that the accused had developed two apps of their own, specifically designed to capture the card verification value (CVV) number of their victims’ credit cards and exfiltrate them from their phones.

This is the first time that such a high-tech aspect has been observed in a cybercrime racket, which traditionally rely on smooth-talking the victims into revealing their banking credentials.

In February this year, the police had arrested Nandkumar Chandrashekhar, John David Raj, P R Parthasarthi, Ayyappan Murugsen and Premsagar Ramswarup in connection with the racket. The accused would allegedly lure their victims with premium memberships of elite dining clubs, obtain their credit card CVVs, purchase gold coins or expensive gadgets and then sell these items.

An officer, who is part of the investigating team, said that the accused were using two apps, which they had developed on their own.

“The accused would send free Android handsets to their victims, saying that the ‘process’ only worked on an Android phone. These phones would have two apps installed in them beforehand, which the victims were asked to open and fill in their details. Among these details were the credit card numbers and CVVs and as soon as they were entered, the apps would convey these details to the accused,” the officer said.

He added that till date, most cybercrime rackets observed in India would depend either on smooth talking, screen sharing apps or QR codes pre-programmed to debit money from the victims’ accounts.

“This is the first time that a gang has actually developed their own custom-made app. This is trickier than it sounds because the app has to look completely innocuous while at the same time exfiltrate data. Additionally, the accused seem to have known that trying to steal this data from the victims’ own phones would trip alarm in the security mechanisms of the phones, and that’s why they sent them free handsets. This also served to convince the victims that they were dealing with genuine parties, and hence, is a brilliant example of social engineering,” the officer said.

Social engineering is a known concept in cybercrime, where criminals exploit the psyche of the victims using certain tricks, like free giveaways, fictitious charities or the fear of accounts being suspended.

According to the police’s investigations so far, the accused have been active since at least 2022, and were involved in another racket before that, where they would allegedly fool their victims in the name of credit cards with great benefits.

“Apart from Mumbai, we have also found victims from Thane and Navi Mumbai. It is, however, difficult to get a sense of how much money they have made so far, as most of it was invested in cryptocurrency. Attempts are still underway to track the money,” said the officer.

Meanwhile, a sixth accused was arrested in the case on Sunday evening. The accused, Akaran Ravindranathan (28), is the brother of the alleged main accused in the case.

“Ravindranathan used to provide mobile handsets to be used in the racket and destroy the handsets that had been used enough time. His job was to keep a steady supply of handsets going,” the officer said.