/newsfirstprime/media/agency_attachments/2025/07/28/2025-07-28t111554609z-2025-07-23t100810984z-newsfirst_prime_640-siddesh-kumar-h-p-1-2025-07-23-15-38-10-2025-07-28-16-45-54.webp)
Follow Us
/newsfirstprime/media/post_attachments/wp-content/uploads/2023/12/Cybercrimes-in-Bengaluru.jpg)
Bengaluru's cybercrime division has issued a cautionary alert about a rising malware threat that exploits emotional content to bypass multi-factor authentication (MFA) security. The malware is being circulated through viral posts referencing the recent Pahalgam attack, often accompanied by captions such as “set this as your DP” or “watch this tourist’s final message.”
Also read: Surge in cyber attacks on India following Pahalgam terror attack
Once users download the content, the malware initiates a method known as “MFA fatigue” or “push bombing.” Victims are bombarded with repeated login approval requests, increasing the chances of them unintentionally granting access. This manipulative tactic takes advantage of previously leaked passwords to bypass MFA, relying on user error rather than technical vulnerabilities.
Upon gaining access, cybercriminals can hijack email accounts, impersonate the victim, reset financial passwords, and even deploy spyware for continued surveillance. The psychological element makes this approach particularly dangerous—emotional manipulation lowers users’ caution, making them more likely to fall for the trap.
This marks the first widespread use of emotionally charged social engineering to distribute MFA-targeting malware in India, adding a new layer of complexity to online threats.
Citizens are strongly advised to avoid downloading unknown media or approving unsolicited MFA requests, regardless of the urgency or emotional tone of the message.
