Vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team

Severity: Critical

Beware 2026: Critical Phishing Scam Exploiting Vulnerabilities in Citrix NetScaler ADC and Gateway Impacting Indian Users

A new wave of phishing attacks exploiting security flaws in Citrix NetScaler ADC and Gateway has put Indian businesses and their customers at high risk of digital fraud.

What Are the Vulnerabilities Affecting Citrix NetScaler ADC and Citrix NetScaler Gateway?

Citrix NetScaler ADC (Application Delivery Controller) and Citrix NetScaler Gateway are widely used in India by banks, government agencies, and large enterprises to secure remote access and optimize network traffic. Recently, cybersecurity experts have reported critical vulnerabilities in these platforms that fraudsters are allegedly exploiting to launch sophisticated phishing attacks.

These vulnerabilities allow attackers to gain unauthorized access to users’ login sessions and credentials, often bypassing multi-factor authentication. In India, this has led to a surge in reports where cybercriminals impersonate legitimate service providers to trick customers into sharing sensitive data such as UPI PINs, bank account details, or Aadhaar-linked information.

According to advisories from CERT-In and the Indian Cyber Crime Coordination Centre (I4C), the risk severity of these vulnerabilities is critical, scoring 9 out of 10. The Reserve Bank of India (RBI) has also reminded banks to audit their remote access systems promptly and warn customers about phishing attempts leveraging these weaknesses.

How This Scam Works — Step by Step

  1. Target Identification and Setup: Fraudsters scan networks using Citrix NetScaler ADC and Gateway to identify vulnerable entry points, often focusing on banks or financial institutions that support UPI transactions.

  2. Phishing Message Delivery: Victims receive phishing emails, SMS, or WhatsApp messages claiming to be from their bank or a government portal, warning of “security upgrades” or “urgent verification needed” linked to their accounts.

  3. Malicious Link or Fake Login Page: The message includes a URL that mimics the legitimate Citrix login portal but is controlled by scammers. This fake page looks authentic, exploiting the NetScaler gateway appearance.

  4. Credential Harvesting: When the victim enters their username, password, and sometimes OTPs or UPI PINs, these details are transmitted to the attackers in real-time.

  5. Session Hijacking: Using the captured login information and exploiting the vulnerability, fraudsters bypass security controls to hijack user sessions and gain direct access to bank accounts or data repositories.

  6. Financial Theft or Data Misuse: Attackers initiate unauthorized UPI transactions, redirect direct benefit transfers (DBTs), or sell Aadhaar-linked data on the dark web.

Real Warning Signs to Watch For

What Happens to Victims

Victims of this scam suffer both financial loss and emotional distress. In India’s UPI ecosystem, unauthorized transactions are hard to reverse if they are not reported promptly. Unlike credit card fraud, UPI payments directly debit the linked bank account, leaving victims out-of-pocket until banks intervene.

The misuse of Aadhaar details can lead to identity theft, affecting loan applications or SIM card registrations, potentially causing SIM swap fraud. Victims often face stress over frozen accounts, disrupted payments, and the tedious process of filing complaints with banks and cybercrime authorities.

What RBI and CERT-In Say

The Reserve Bank of India has issued circulars urging banks to upgrade their security infrastructure, including patching known vulnerabilities in remote access platforms like Citrix NetScaler. RBI also emphasizes customer education on phishing and secure usage of UPI.

CERT-In provides guidelines on detecting and mitigating such vulnerabilities and encourages organizations to keep software updated with security patches.

For victims, the government’s 1930 National Cybercrime Helpline offers assistance in reporting and resolving cyber fraud cases. RBI’s banking ombudsman and bank-specific helplines are recommended contacts for immediate transactional disputes.

How to Protect Yourself

  1. Verify URLs before clicking—always check if the link leads to the official website domain.
  2. Never share OTP, UPI PIN, or Aadhaar details over phone calls or messages.
  3. Use multi-factor authentication (MFA) wherever possible, especially in apps that offer biometric login.
  4. Keep your NetScaler ADC and Gateway systems updated if you run a business or institution.
  5. Install antivirus and anti-malware tools on your devices and update them regularly.
  6. Regularly monitor your bank and UPI transaction alerts for unusual activity.
  7. Avoid responding to unsolicited calls or messages claiming to be from banks without verifying through official numbers.
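
The URL check in step 1 can be automated by a help desk or mail filter. The sketch below is an added example, not code from BharatSecure or Citrix: it accepts a link only when it is HTTPS and its host is an official domain or a subdomain of one, and it rejects the lookalike forms a fake login page typically relies on. The domain examplebank.example and all sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: a placeholder domain, not any real bank's portal.
OFFICIAL_DOMAINS = {"examplebank.example"}


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason). ok is True only when the link is HTTPS and its
    host is an official domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    # "https://official-name@other-host/" is served by other-host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    # Look-alike letters from other alphabets, raw or punycode-encoded.
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return False, "non-ASCII host (possible homoglyph)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host (possible homoglyph)"
    # Match on a label boundary so "evil-examplebank.example" and
    # "examplebank.example.other.example" do not pass.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "official domain"
    return False, "host is not an official domain"


if __name__ == "__main__":
    # Constructed sample links for demonstration only.
    for link in (
        "https://gateway.examplebank.example/login",
        "https://examplebank.example@login.attacker.example/",
        "https://examplebank.example.secure-login.example/",
        "http://gateway.examplebank.example/login",
    ):
        print(link, "->", check_link(link))
```

A passing result only means the host belongs to the allowlisted domain; the allowlist itself has to come from the bank's or agency's published official addresses.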

What to Do If You've Been Targeted

Frequently Asked Questions

Q: Can phishing through Citrix NetScaler vulnerabilities lead to complete bank account hacking?
A: Yes, if scammers successfully hijack your login session after capturing credentials, they can initiate unauthorized transactions or access sensitive personal data.

Q: How quickly should I report if I suspect I’ve been hacked through this scam?
A: Report immediately to your bank and cybercrime authorities. Prompt reporting increases the chance of reversing fraudulent transactions or freezing accounts to prevent further loss.

Q: Are banks responsible if my money is stolen due to such vulnerabilities?
A: Banks are mandated by RBI guidelines to secure their systems. However, customers must also follow safe practices. In cases where negligence is proven, banks may be liable to compensate. Always consult your bank and legal advisor for specific cases.

If you receive suspicious messages claiming to be from your bank or government, verify immediately at BharatSecure.app. Report frauds and phishing attempts to the 1930 helpline without delay.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.
