Cybersecurity researchers at CloudSEK’s STRIKE team used facial recognition and GPS data to reveal a massive, over $2 million, fake currency operation in India. This report details the exposure of individuals and their activities on Facebook and Instagram.
A large-scale counterfeit currency operation, reportedly circulating fake notes worth millions of dollars, has been brought to light by cybersecurity firm CloudSEK. In its investigation, shared with Hackread.com, CloudSEK’s STRIKE team has not only calculated the vast spread of this illicit trade, estimated at ₹17.5 crore (over $2 million) in fake Indian currency over just six months (December 26, 2024, to June 26, 2025), but has also managed to identify and pinpoint key individuals behind it.
The distinctive aspect of this exposé lies in the direct attribution of culprits. Using digital forensics, GPS data, and facial recognition technology, CloudSEK has identified and located major players across the Indian state of Maharashtra.
According to Sourajeet Majumder, a security researcher at CloudSEK, “This is the first time that a cyber investigation has supplied such exact attribution of counterfeit actors working in public digital spaces. We didn’t just find content, we identified the key perpetrators.”
Social Media: A Hub for Illegal Trade
Reportedly, bad actors are using popular social media platforms like Facebook and Instagram in this campaign. CloudSEK’s XVigil platform played a crucial role in its detection by monitoring open-source environments for specific phrases like “second sequence” or “A1 notes,” which are codewords used by sellers.
The investigation revealed over 4,500 posts promoting counterfeit currency and more than 750 accounts or pages involved in selling these fake notes. Additionally, over 410 unique phone numbers were found to be associated with sellers. These groups even used Meta Ads for paid promotions, openly reaching out to potential buyers. Some sellers went as far as sharing videos, handwritten notes, and even video calls to show the supposed quality of their fake currency, creating a dangerous “trust-based” black market out in the open.
Tracking Down the Accused
CloudSEK’s researchers combined advanced Open Source Intelligence (OSINT) and Human Intelligence (HUMINT) techniques to unmask group administrators and sellers. They collected facial images, phone numbers, exact GPS locations, and social media profiles of the main suspects.
The researchers also identified several accounts operating under aliases such as Vivek Kumar, Karan Pawar, and Sachin Deeva. Geolocation evidence pointed to activity in Jamade Village (Dhule district, Maharashtra) and Pune, strongly suggesting a coordinated syndicate based in Maharashtra, with Dhule being the potential hotspot.
Further probing revealed that the counterfeiters promote their fake notes through various social media channels using hashtags like #fakecurrency. To gain trust, they engage with buyers via WhatsApp, sharing “proof” images and even offering live video calls. The production involves professional tools like Adobe Photoshop, industrial-grade printers, and paper that generally mimics security features like Mahatma Gandhi watermarks and green security threads.
CloudSEK has shared its findings with relevant law enforcement agencies at both the state and national levels, providing detailed intelligence to assist in disrupting this criminal network and protecting the nation’s financial stability.