Cybersecurity researchers at CloudSEK’s STRIKE staff used facial recognition and GPS knowledge to show a large, over $2 million, faux foreign money operation in India. This report particulars the publicity of people and their actions on Fb and Instagram.
A big-scale counterfeit foreign money operation is reportedly circulating faux notes value hundreds of thousands of {dollars}, which has been dropped at mild by cybersecurity agency CloudSEK. Its investigation, shared with Hackread.com, CloudSEK’s STRIKE staff has not solely calculated the huge unfold of this illicit commerce, estimated at ₹17.5 crore (over $2 million) in faux Indian foreign money over simply six months (December 26, 2024, to June 26, 2025), however has additionally managed to determine and pinpoint key people behind it.
The distinctive side of this exposé lies within the direct attribution of culprits. Utilizing digital forensics, GPS knowledge, and facial recognition know-how, CloudSEK has recognized and situated main gamers throughout the Indian state of Maharashtra.
In response to Sourajeet Majumder, a safety researcher at CloudSEK, “That is the primary time {that a} cyber investigation has provided such exact attribution of counterfeit actors working in public digital areas. We didn’t simply discover content material, we recognized the important thing perpetrators.”
Social Media: A Hub for Unlawful Commerce
Reportedly, unhealthy actors are utilizing widespread social media platforms like Fb and Instagram on this marketing campaign. CloudSEK’s XVigil platform performed a vital position in its detection by monitoring open-source environments for particular phrases like “second sequence” or “A1 notes,” that are codewords utilized by sellers.
The investigation revealed over 4,500 posts selling counterfeit foreign money and greater than 750 accounts or pages concerned in promoting these faux notes. Moreover, over 410 distinctive telephone numbers had been discovered to be related to sellers. These teams even used Meta Adverts for paid promotions, brazenly reaching out to potential patrons. Some sellers went so far as sharing movies, handwritten notes, and even video calls to point out the supposed high quality of their faux foreign money, making a harmful “trust-based” black market out within the open.
Monitoring Down the Accused
CloudSEK’s researchers mixed superior Open Supply Intelligence (OSINT) and Human Intelligence (HUMINT) strategies to unmask group directors and sellers. They collected facial photos, telephone numbers, actual GPS areas, and social media profiles of the principle suspects.
The researchers additionally recognized a number of accounts working underneath aliases akin to Vivek Kumar, Karan Pawar, and Sachin Deeva. Geolocation proof pointed to exercise in Jamade Village (Dhule district, Maharashtra) and Pune, strongly suggesting a coordinated syndicate based in Maharashtra, with Dhule being the potential hotspot.
Additional probing revealed that the counterfeiters promote their faux notes by way of numerous social media channels utilizing hashtags like #fakecurrency. To achieve belief, they interact with patrons through WhatsApp, sharing “proof” photos and even providing dwell video calls. The manufacturing entails skilled instruments like Adobe Photoshop, industrial-grade printers, and paper that generally mimics safety features like Mahatma Gandhi watermarks and inexperienced safety threads.
CloudSEK has shared its findings with related legislation enforcement companies at each the state and nationwide ranges, offering detailed intelligence to help in disrupting this felony community and defending the nation’s monetary stability.
