#FactCheck- Old Bangladesh Clip Misused as West Bengal Election Incident

Introduction

All citizens are using tech to their advantage, and so we see a lot of upskilling among the population leading to innovation in India. As we go deeper into cyberspace, we must maintain our cyber security efficiently and effectively. When bad actors use technology to their advantage, we often see data loss or financial loss of the victim, In this blog, we will shine light upon two new forms of cyber attacks, causing havoc upon the innocent. The “Daam” Malware and a new malicious app are the two new issues.

Daam Botnet

Since 2021, the DAAM Android botnet has been used to acquire unauthorised access to targeted devices. Cybercriminals use it to carry out different destructive actions. Using the DAAM Android botnet’s APK binding service, threat actors can combine malicious code with a legitimate application. Keylogging, ransomware, VOIP call records, runtime code execution, browser history collecting, incoming call recording, PII data theft, phishing URL opening, photo capture, clipboard data theft, WiFi and data status switching, and browser history gathering are just a few of the functions offered by the DAAM Android botnet. The DAAM botnet tracks user activity using the Accessibility Service and stores keystrokes it has recorded together with the name of the programme package in a database. It also contains a ransomware module that encrypts and decrypts data on the infected device using the AES method.

Additionally, the botnet uses the Accessibility service to monitor the VOIP call-making features of social media apps like WhatsApp, Skype, Telegram, and others. When a user engages with these elements, the virus begins audio recording.

The Malware

CERT-IN, the central nodal institution that reacts to computer security-related issues, claims that Daam connects with various Android APK files to access a phone. The files on the phone are encrypted using the AES encryption technique, and it is distributed through third-party websites.

It is claimed that the malware can damage call recordings and contacts, gain access to the camera, change passwords, take screenshots, steal SMS, download/upload files, and perform a variety of other things.

Safeguards and Guidelines by Cert-In

Cert-In has released the guideline for combating malware. These were issued in the public interest. The recommendations by Cert-In are as follows-

Only download from official app stores to limit the risk of potentially harmful apps.

Before downloading an app, always read the details and user reviews; likewise, always give permissions that are related to the program’s purpose.

Install Android updates solely from Android device vendors as they become available.

Avoid visiting untrustworthy websites or clicking on untrustworthy

Install and keep anti-virus and anti-spyware software up to date.

Be cautious if you see mobile numbers that appear to be something other than genuine/regular mobile numbers.

Conduct sufficient investigation Before clicking on a link supplied in a communication.

Only click on URLs that clearly display the website domain; avoid abbreviated URLs, particularly those employing bit.ly and tinyurl.

Use secure browsing technologies and filtering tools in antivirus, firewall, and filtering services.

Before providing sensitive information, look for authentic encryption certificates by looking for the green lock in your browser’s URL information, look for authentic encryption certificates by looking for the green lock in your browser’s URL bar.

Any ‘strange’ activity in a user’s bank account must be reported immediately to the appropriate bank.

‍

New Malicious App

From the remote parts of Jharkhand, a new form of malicious application has been circulated among people on the pretext of a bank account closure. The bad actors have always used messaging platforms like Whatsapp and Telegram to circulate malicious links among unaware and uneducated people to dupe them of their hard-earned money.

They send an ordinary-looking message on Whatsapp or Telegram where they mention that the user has a bank account at ICICI bank and, due to irregularity with the credentials, their account is being deactivated. Further, they ask users to update their PAN card to reactivate their account by uploading the PAN card on an application. This app, in turn, is a malicious app that downloads all the user’s personal credentials and shares them with the bad actors via text message, allowing them to bypass banks’ two-factor authentication and drain the money from their accounts. The Jharkhand Police Cyber Cells have registered numerous FIRs pertaining to this type of cybercrime and are conducting full-scale investigations to apprehend the criminals.

Conclusion

Malware and phishing attacks have gained momentum in the previous years and have become a major contributor to the tally of cybercrimes in the country. DaaM malware is one of the examples brought into light due to the timely action by Cert-In, but still, a lot of such malware are deployed by bad actors, and we as netizens need to use our best practices to keep such criminals at bay. Phishing crimes are often substantiated by exploiting vulnerabilities and social engineering. Thus working towards a rise in awareness is the need of the hour to safeguard the population by and large.

Introduction
‍

In April 2026, Anthropic revealed Claude Mythos, an artificial intelligence application capable of finding security flaws in computer networks more effectively than human beings. The corporation claimed to have found hundreds of thousands of substantially serious vulnerabilities in established desktop operating systems and web-based browsers that have not been used for at least 20 years. This news has greatly alarmed those responsible for leading financial organisations, banks, and governments throughout the world. Nevertheless, this news demonstrates a much larger problem: we do not have enough cybersecurity professionals trained to do this kind of work. At the current estimate, there are 4.8 million cyber security professionals short of what is needed globally. There is a need to develop different kinds of workforce training programs to help prepare these professionals as we continue to see the emergence of new AI technologies.

‍

What Is Claude Mythos ?
‍

Anthropic created Claude Mythos as part of its Claude AI system, competing against ChatGPT and Google Gemini. In April 2026, expert testing revealed Mythos excelled at identifying problems in legacy code and suggested exploitation methods. It found a vulnerability that had existed for 27 years. Because of these advanced capabilities, Anthropic restricted access through “Project Glasswing,” giving it only to 12 major tech companies and 40 organizations managing critical software. Canadian Finance Minister François-Philippe Champagne called it an “unknown unknown.” Andrew Bailey of the Bank of England said regulators needed to examine what Mythos could mean for financial attacks. The European Union raised concerns. India’s Finance Minister Nirmala Sitharaman warned at SEBI’s Foundation Day on April 25, 2026, that cybersecurity is the single most pressing challenge facing markets today. She stated a single successful cyberattack on a major exchange or large broker could disrupt markets nationally and shake public confidence for years. Sitharaman emphasized that AI tools make attacks faster, more adaptive, and autonomous, capable of discovering system vulnerabilities and manipulating code.

‍

The Real Problem: Discovery Versus Fixing
‍

Mythos highlights a fundamental mismatch in cybersecurity. Finding a vulnerability does not guarantee it will be fixed. Organizations face challenges patching systems. Many use obsolete technology, and updates can break dependent components. Organizations in developing nations often lack financial resources for repairs or downtime. Critical systems like hospitals, banks, and power grids cannot go offline. Before Mythos, human hackers found vulnerabilities slowly. Now AI tools find weaknesses faster than they can be fixed, creating a dangerous gap. Ciaran Martin, former head of the UK’s National Cyber Security Centre, explained that Mythos is “a really good hacker” against unprotected systems. Organizations following basic security practices—regular updates, strong passwords, network protection, trained staff can likely defend against it. The UK AI Safety Institute concluded Mythos poses the biggest threat to poorly defended systems, noting: “We cannot say for sure whether Mythos Preview would be able to attack well-defended systems.”

‍

The Workforce Challenge
‍

The Mythos announcement exposes the real problem: we lack enough trained cybersecurity workers. There is a global shortage of 4.8 million workers against a current workforce of 5.5 million. In AI security specifically, 34 percent of needed skills are missing. But the harder problem is that AI is changing needed skills. Entry-level jobs monitoring security alerts are being automated. These were traditional career starting points. Young people learned basic skills and moved to advanced roles. Now these positions disappear while new AI security jobs emerge for which nobody has training. Organizations cannot hire fast enough for new AI roles because few people have these skills. This leads to a vicious cycle. With fewer entry-level positions available, there will be fewer young adults entering the job market which results in even fewer workers with this skill set; thus, the shortage of qualified applicants increases; this thereby increases organizations’ vulnerability. Without action taken immediately, this issue will continue to worsen 

‍

Way Forward
‍

1. Clarify What Skills We Need

Governments and industry must work together to define what cybersecurity workers need in an AI world. Currently, aspiring professionals study networking, software, and vulnerability finding, but AI security training barely exists. Governments should work with universities and companies to clarify needed skills: understanding what AI tools can and cannot do in security, finding and fixing AI system problems.

2. Support Workers Who Lose Jobs To Automation

Workers who find themselves losing their jobs due to automation will require government support. All too often without an alternative, these skilled and trained workers will leave their profession forever. The government will need to provide funding for training of displaced employees, support for those changing careers to become cyber security professionals.

3. Create Clear Rules For AI Security Tools

When companies create powerful security tools, governments must understand their capabilities and risks. Companies should be required to thoroughly test tools before release, clearly explain what tools can do and their limitations, and explain safety and misuse prevention plans. Governments should monitor actual tool usage, not simply trust voluntary compliance.

4. Focus On Basic Security First

Most attacks do not need advanced AI tools. They succeed because organizations have not implemented basic security. Some never update software, train employees, use strong passwords, protect data properly, or test defenses. Governments should require organizations, especially those managing critical systems, to implement these basics.

‍

Conclusion
‍

Claude Mythos matters not because it is a weapon of destruction, but because it forces hard questions: Do we have enough skilled workers? Are our systems well-protected? The answer is no. We face a shortage of 4.8 million cybersecurity workers and lack AI security training. Yet this is also an opportunity. Governments can invest in training, strengthen defenses, and create clear rules for AI security tools. Governments, organizations and educational institutions must collaborate to create viable Cybersecurity career pathways. We can act through either creating panic or creating a trained and prepared workforce to meet today’s challenges. The time is now.

‍

References 
‍

1. https://www.bbc.com/news/articles/crk1py1jgzko
2. https://red.anthropic.com/2026/mythos-preview/ 
3. https://www.anthropic.com/project/glasswing 
4. https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities 
5. https://www.bsg.ox.ac.uk/people/ciaran-martin 
6. https://www.isc2.org/Insights/2024/10/Cybersecurity-Workforce-INSIGHTS-October-2024 
7. https://decrypt.co/364141/anthropic-claude-mythos-serious-threat-overhyped-ai-security-institute 
8. https://www.businesstoday.in/latest/economy/story/fm-nirmala-sitharaman-wants-sebi-regulated-entities-to-remain-exceptionally-vigilant-heres-why-527437-2026-04-25 
9. https://www.theweek.in/news/biz-tech/2026/04/25/sebi-38th-anniversary-cybersecurity-concerns.html 

‍

Introduction

Misinformation in India has emerged as a significant societal challenge, wielding a potent influence on public perception, political discourse, and social dynamics. A potential number of first-time voters across India identified fake news as a real problem in the nation. With the widespread adoption of digital platforms, false narratives, manipulated content, and fake news have found fertile ground to spread unchecked information and news.

In the backdrop of India being the largest market of WhatsApp users, who forward more content on chats than anywhere else, the practice of fact-checking forwarded information continues to remain low. The heavy reliance on print media, television, unreliable news channels and primarily, social media platforms acts as a catalyst since studies reveal that most Indians trust any content forwarded by family and friends. It is noted that out of all risks, misinformation and disinformation ranked the highest in India, coming before infectious diseases, illicit economic activity, inequality and labour shortages. World Economic Forum analysts, in connection with their 2024 Global Risk Report, note that “misinformation and disinformation in electoral processes could seriously destabilise the real and perceived legitimacy of newly elected governments, risking political unrest, violence and terrorism and long-term erosion of democratic processes.”

The Supreme Court of India on Misinformation

The Supreme Court of India, through various judgements, has noted the impact of misinformation on democratic processes within the country, especially during elections and voting. In 1995, while adjudicating a matter pertaining to keeping the broadcasting media under the control of the public, it noted that democracy becomes a farce when the medium of information is monopolized either by partisan central authority or by private individuals or oligarchic organizations. 

In 2003, the Court stated that “Right to participate by casting a vote at the time of election would be meaningless unless the voters are well informed about all sides of the issue in respect of which they are called upon to express their views by casting their votes. Disinformation, misinformation, non-information all equally create an uninformed citizenry which would finally make democracy a mobocracy and a farce.” It noted that elections would be a useless procedure if voters remained unaware of the antecedents of the candidates contesting elections. Thus, a necessary aspect of a voter’s duty to cast intelligent and rational votes is being well-informed. Such information forms one facet of the fundamental right under Article 19 (1)(a) pertaining to freedom of speech and expression. Quoting James Madison, it stated that a citizen’s right to know the true facts about their country’s administration is one of the pillars of a democratic State.

On a similar note, the Supreme Court, while discussing the disclosure of information by an election candidate, gave weightage to the High Court of Bombay‘s opinion on the matter, which opined that non-disclosure of information resulted in misinformation and disinformation, thereby influencing voters to take uninformed decisions. It stated that a voter had the elementary right to know the full particulars of a candidate who is to represent him in Parliament/Assemblies.

While misinformation was discussed primarily in relation to elections, the effects of misinformation in other sectors have also been discussed from time to time. In particular, The court highlighted the World Health Organisation’s observation in 2021 while discussing the spread of COVID-19, noting that the pandemic was not only an epidemic but also an “infodemic” due to the overabundance of information on the internet, which was riddled with misinformation and disinformation. While condemning governments’ direct or indirect threats of prosecution to citizens, it noted that various citizens who relied on the internet to provide help in securing medical facilities and oxygen tanks were being targeted by alleging that the information posted by them was false and was posted to create panic, defame the administration or damage national image. It instructed authorities to cease such threats and prevent clampdown on information sharing.

More recently, in Facebook v. Delhi Legislative Assembly [(2022) 3 SCC 529], the apex court, while upholding the summons issued to Facebook by the Delhi Legislative Assembly in the aftermath of the 2020 Delhi Riots, noted that while social media enables equal and open dialogue between citizens and policymakers, it is also a tool in the where extremist views are peddled into mainstream media, thereby spreading misinformation. It noted Facebook’s role in the Mynmar, where misinformation and posts that Facebook employees missed fueled offline violence. Since Facebook is one of the most popular social media applications, the platform itself acts as a power center by hosting various opinions and voices on its forum. This directly impacts the governance of States, and some form of liability must be attached to the platform. The Supreme Court objected to Facebook taking contrary stands in various jurisdictions; while in the US, it projected itself as a publisher, which enabled it to maintain control over the material disseminated from its platform, while in India, “it has chosen to identify itself purely as a social media platform, despite its similar functions and services in the two countries.”

Conclusion

The pervasive issue of misinformation in India is a multifaceted challenge with profound implications for democratic processes, public awareness, and social harmony. The alarming statistics of fake news recognition among first-time voters, coupled with a lack of awareness regarding fact-checking organizations, underscore the urgency of addressing this issue. The Supreme Court of India has consistently recognized the detrimental impact of misinformation, particularly in elections. The judiciary has stressed the pivotal role of an informed citizenry in upholding the essence of democracy. It has emphasized the right to access accurate information as a fundamental aspect of freedom of speech and expression. As India grapples with the challenges of misinformation, the intersection of technology, media literacy and legal frameworks will be crucial in mitigating the adverse effects and fostering a more resilient and informed society.

References

• https://thewire.in/media/survey-finds-false-information-risk-highest-in-india 
• https://www.statista.com/topics/5846/fake-news-in-india/#topicOverview
• https://www.weforum.org/publications/global-risks-report-2024/digest/  
• https://main.sci.gov.in/supremecourt/2020/20428/20428_2020_37_1501_28386_Judgement_08-Jul-2021.pdf
• Secretary, Ministry of Information & Broadcasting, Govt, of India and Others v. Cricket Association of Bengal and Another [(1995) 2 SCC 161]
• People’s Union for Civil Liberties (PUCL) v. Union of India [(2003) 4 SCC 399]
• Kisan Shankar Kathore v. Arun Dattatray Sawant and Others [(2014) 14 SCC 162]
• Distribution of Essential Supplies & Services During Pandemic, In re [(2021) 18 SCC 201]
• Facebook v. Delhi Legislative Assembly [(2022) 3 SCC 529]

‍