
Cybersecurity researchers at CloudSEK’s STRIKE team used facial recognition and GPS data to expose a massive, over $2 million, fake currency operation in India. This report details the exposure of individuals and their activities on Facebook and Instagram.
A large-scale counterfeit currency operation, reportedly circulating fake notes worth tens of millions of dollars, has been brought to light by cybersecurity firm CloudSEK. In its investigation, shared with Hackread.com, CloudSEK’s STRIKE team has not only calculated the vast spread of this illicit trade, estimated at ₹17.5 crore (over $2 million) in fake Indian currency over just six months (December 26, 2024, to June 26, 2025), but has also managed to identify and pinpoint key individuals behind it.
The unique aspect of this exposé lies in the direct attribution of culprits. Using digital forensics, GPS data, and facial recognition technology, CloudSEK has identified and located major players across the Indian state of Maharashtra.
According to Sourajeet Majumder, a security researcher at CloudSEK, “This is the first time that a cyber investigation has provided such precise attribution of counterfeit actors operating in public digital spaces. We didn’t just find content, we identified the key perpetrators.”
Social Media: A Hub for Illegal Trade
Reportedly, bad actors are using popular social media platforms like Facebook and Instagram in this campaign. CloudSEK’s XVigil platform played a crucial role in its detection by monitoring open-source environments for specific phrases like “second sequence” or “A1 notes,” which are codewords used by sellers.
The investigation revealed over 4,500 posts promoting counterfeit currency and more than 750 accounts or pages involved in selling these fake notes. Additionally, over 410 unique phone numbers were found to be associated with sellers. These groups even used Meta Ads for paid promotions, openly reaching out to potential buyers. Some sellers went as far as sharing videos, handwritten notes, and even video calls to show the supposed quality of their fake currency, creating a dangerous “trust-based” black market out in the open.
Tracking Down the Accused
CloudSEK’s researchers combined advanced Open Source Intelligence (OSINT) and Human Intelligence (HUMINT) techniques to unmask group administrators and sellers. They collected facial images, phone numbers, precise GPS locations, and social media profiles of the main suspects.
The researchers also identified several accounts operating under aliases such as Vivek Kumar, Karan Pawar, and Sachin Deeva. Geolocation evidence pointed to activity in Jamade Village (Dhule district, Maharashtra) and Pune, strongly suggesting a coordinated syndicate based in Maharashtra, with Dhule being the potential hotspot.
Further probing revealed that the counterfeiters promote their fake notes through various social media channels using hashtags like #fakecurrency. To gain trust, they engage with buyers via WhatsApp, sharing “proof” images and even offering live video calls. The production involves professional tools like Adobe Photoshop, industrial-grade printers, and paper that generally mimics security features like Mahatma Gandhi watermarks and green security threads.
CloudSEK has shared its findings with relevant law enforcement agencies at both the state and national levels, providing detailed intelligence to assist in disrupting this criminal network and protecting the nation’s financial stability.