Infostealers Turn Millions of Devices Into Credential Theft Machines — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: Critical
Infostealers in India 2026: How Millions of Devices Are Hijacked for Credential Theft
Millions of Indian users face a critical cybersecurity threat as infostealers turn everyday devices into silent credential theft machines, risking bank details, Aadhaar data, and more.
What Is the "Infostealers Turn Millions of Devices Into Credential Theft Machines" Scam?
Infostealers are malware, usually delivered through phishing, that infiltrates computers, smartphones, and tablets to silently capture passwords, OTPs, bank credentials, and sensitive personal data. In 2026, India has witnessed a surge in reports where attackers deploy such software, turning millions of compromised devices into hubs for harvesting confidential information.
Targets often include online banking users, UPI app customers, e-commerce shoppers, and even government service users logging in with Aadhaar-linked credentials. According to reports received by Indian cybercrime authorities like CERT-In and the I4C (Indian Cyber Crime Coordination Centre), the scale of infection is massive, with many affected users unaware their devices are compromised until financial losses or identity theft occur.
The Reserve Bank of India (RBI) and CERT-In continuously warn users about malware that harvests UPI PINs and SMS OTPs, emphasizing that these advanced infostealers bypass traditional antivirus protections. Such malware is typically spread through phishing SMS, fake payment app downloads, or malicious WhatsApp messages crafted with social engineering aimed at Indian audiences.
How This Scam Works — Step by Step
Initial Contact via Phishing Message or Call: The victim receives an SMS or WhatsApp message crafted to appear official — for example, a fake RBI alert about blocked accounts, or a spoofed message claiming their Aadhaar update failed.
Link or App Download: The message contains a link urging users to “verify details” or “update documents,” which directs to a phishing website or prompts the download of a malicious app disguised as an OTP authenticator or UPI wallet enhancement.
Silent Malware Installation: Once the user installs the app or visits the phishing site on a device vulnerable to malware, the infostealer silently installs itself, often requesting screen overlay access or accessibility permissions under deceptive pretexts.
Credential Harvesting: The malware monitors all incoming SMS and notifications, capturing sensitive OTPs sent by banks or UPI apps. It also records keystrokes and extracts saved passwords from browsers, stealing Google or Aadhaar-linked login credentials.
Data Transmission to Attackers: The stolen information is bundled and transmitted to remote servers controlled by scammers who quickly use these credentials to transfer money through UPI, conduct unauthorized KYC changes, or even apply for fraudulent loans.
Covering Tracks: Some infostealers deactivate security alerts on the device, delete SMS history, or block incoming calls from bank numbers to prevent victim detection.
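The steps above hinge on a sideloaded app holding SMS and overlay permissions. The following added example, written for this article and not BharatSecure's own tooling, audits app permission grants for exactly that combination. It assumes a simplified rendering of `adb shell dumpsys package` output (real output is far longer; only the parsed fields are shown) and uses invented package names.

```python
import re

# Real Android permission names abused in the pattern above: SMS access to
# intercept OTPs, overlay access to draw fake login screens over UPI apps.
RISKY = {
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS (OTPs)",
    "android.permission.READ_SMS": "reads stored SMS (OTPs, bank alerts)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draws overlays over other apps",
}
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample in the style of `adb shell dumpsys package`; package
# names are invented and only the fields parsed below are included.
SAMPLE_DUMPSYS = """\
Package [com.example.upiboost] (a1b2c3):
    installerPackageName=null
    install permissions:
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true
      android.permission.READ_SMS: granted=true
Package [com.example.notes] (d4e5f6):
    installerPackageName=com.android.vending
    install permissions:
      android.permission.INTERNET: granted=true
"""

def parse_packages(text):
    # Returns {package: {"installer": str | None, "granted": set of permissions}}
    pkgs, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*Package \[([\w.]+)\]", line):
            current = pkgs.setdefault(m.group(1), {"installer": None, "granted": set()})
        elif current and (m := re.match(r"\s*installerPackageName=(\S+)", line)):
            current["installer"] = None if m.group(1) == "null" else m.group(1)
        elif current and (m := re.match(r"\s*(android\.permission\.\w+): granted=true", line)):
            current["granted"].add(m.group(1))
    return pkgs

def assess(pkgs):
    # HIGH: sideloaded and able to intercept OTPs; MEDIUM: any risky grant; else LOW.
    report = {}
    for name, info in pkgs.items():
        risky = sorted(p for p in info["granted"] if p in RISKY)
        sideloaded = info["installer"] not in TRUSTED_INSTALLERS
        level = ("HIGH" if sideloaded and SMS_PERMS & set(risky)
                 else "MEDIUM" if risky else "LOW")
        report[name] = (level, sideloaded, [RISKY[p] for p in risky])
    return report
```

Accessibility-service abuse is enabled in Settings rather than granted as a runtime permission, so it is not covered by this check.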
Real Warning Signs to Watch For
- Unexpected SMS or WhatsApp messages prompting urgent action about bank or Aadhaar details.
- App requests for unusual permissions like screen capture or SMS read access.
- Slow device performance or rapid battery drain after installing a new app.
- Receiving OTPs or transaction alerts for operations you did not initiate.
- Unrecognized apps installed on your phone without your consent.
- Frequent pop-ups asking to update banking or payment app passwords.
- Blocked or missed calls from official bank or financial service numbers.
What Happens to Victims
Victims of such infostealer scams often face significant financial losses in Indian Rupees (INR) as attackers use stolen UPI credentials or net banking passwords to drain accounts. Fraudulent transfers are hard to reverse once completed, because the attackers authenticate with real OTPs captured on the infected device, so the transactions pass the bank's checks.
Beyond money, victims suffer emotional distress due to identity theft risks. Personal documents linked to Aadhaar can be compromised, opening doors to fake loans or SIM swaps, which further escalate fraud. Recovery can be long and frustrating, especially with cumbersome banking complaint processes and delays in UPI dispute resolution.
What RBI and CERT-In Say
The Reserve Bank of India and CERT-In have issued multiple advisories warning citizens about malware threats including infostealers. RBI emphasizes never sharing OTPs or banking passwords, and advises users to install apps only from trusted sources like official app stores.
CERT-In urges users to report suspicious cyber incidents immediately to the 1930 helpline and to keep device software and security patches updated regularly. Both bodies highlight that multi-factor authentication (MFA) and transaction limits on UPI can reduce fraud risk but not eliminate it.
The Indian Cyber Crime Coordination Centre (I4C) facilitates awareness campaigns targeting phishing and malware attacks, urging vigilance over unsolicited calls or messages and recommending complaint registration at cybercrime.gov.in.
How to Protect Yourself
- Download apps only from the official Google Play Store or Apple App Store; avoid sideloading APKs or installing from unverified links.
- Never click on unknown or suspicious links received by SMS, WhatsApp, or email, especially related to banking or Aadhaar.
- Avoid granting broad permissions (e.g., screen overlay, SMS read) to new apps unless absolutely necessary and from trusted developers.
- Enable app notifications for your bank and UPI transactions and verify every OTP alert personally.
- Regularly update device OS and security apps to patch known vulnerabilities.
- Use biometric authentication wherever possible to reduce password exposure.
- Install mobile antivirus solutions known for detecting phishing and malware infections.
What to Do If You've Been Targeted
- Immediately change passwords for net banking, UPI apps, and email accounts linked to financial services.
- Contact your bank’s official helpline to freeze accounts or block UPI payments.
- Report the fraud to the cybercrime police via cybercrime.gov.in and call the 1930 National Cyber Crime Reporting Helpline to document the incident.
- File an FIR at your local police station with all evidence like screenshots or message records.
- Inform your mobile service provider if you suspect SIM swap fraud to block unauthorized changes.
- Scan devices with updated antimalware tools and consider factory reset if infection is suspected.
- Monitor account statements daily for unauthorized transactions and request reversals where possible.
Frequently Asked Questions
Q: Can infostealer malware steal money directly without my knowledge?
A: They cannot move money without your credentials and OTPs, but they steal these details silently from your device, enabling fraudsters to authenticate transactions remotely.
Q: Is it safe to use biometric login if my phone is infected?
A: Biometrics add a layer of protection, but if malware records screen activity or OTPs, even biometrics may not prevent money theft through apps linked to your device.
Q: How quickly should I act if I suspect a device infection?
A: Act immediately to change all passwords, contact your bank, and report to cybercrime authorities. The faster you respond, the higher the chance to prevent financial loss.
If you get suspicious messages or calls claiming to be from banks or government agencies, verify their authenticity at BharatSecure.app and report fraud immediately at the 1930 helpline.
Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.