Gandhinagar, Gujarat: Thursday, the Gujarat Police Anti-Terrorism Squad (ATS) apprehended a 53-year-old espionage agent, Labhsankar Maheswari, from Tarapur, Gujarat, based on specific intelligence provided by the Military Intelligence (MI).
The Military Intelligence (MI) has discovered a covert operation run by a Pakistani Intelligence Operative (PIO) through WhatsApp, which is a significant development. This operation attempted to compromise the Android smartphones of active duty military personnel, especially those who had kids enrolled in several Army Public Schools (APS) throughout India. Just before Independence Day, a malicious campaign lured people into installing malicious Android applications (“.apk” files) under the guise of the “Har Gher Tiranga” campaign.
The malicious WhatsApp user operating under the number 90xxxx6792 delivered the malicious software to unwitting recipients, inviting them to upload their children’s photos with the national flag for a fictitious competition. The fraudulent WhatsApp user pretended to be an APS official. When the last known use of the number 90xxxx6792 was discovered to be in Gujarat, MI turned to the Gujarat Police ATS for assistance.
The primary suspect, Labhsankar Maheshwari, was identified following a thorough technical examination and background investigation. Maheshwari is suspected of helping the Pakistani agency obtain an Indian WhatsApp number by disclosing the OTP used to create the account.
Further cooperation with the Air Force Intelligence enabled the identification of a targeted Android device, which was subsequently subjected to cyber forensic examination by the Gujarat Police ATS. The examination revealed that the number 90xxxx6792, originating from Pakistan, was involved in targeting and hacking mobile devices belonging to Indian Defense personnel, with the aim of acquiring sensitive information.
It is suspected that the Pakistani agency may have gathered substantial information on APS students and their guardians through potential vulnerabilities in the school’s website or Android application, “DigiCamps,” commonly used for fee payments. These schools fall under the purview of the Army Welfare Education Society (AWES), a private entity supported by the Indian Army.
With concrete evidence and additional information gathered through on-ground verification, the Gujarat Police ATS filed an FIR, invoking relevant sections of the Indian Penal Code and the Indian IT Act against Labhsankar Maheshwari. He was arrested from his residence in Tarapur, Anand district, Gujarat.
It was discovered during initial interrogation that Labhsankar Maheswari, a former Pakistani Hindu, had travelled to India in 1999 with his wife in order to receive reproductive therapy. With the assistance of his in-laws, he made his home in Tarapur, flourished as a businessman, and was granted Indian citizenship in 2006. During the early 2022 visa application process and a trip to see his parents in Pakistan, he developed relationships with a Pakistani spy agency. In addition to helping to set up the WhatsApp account, he sent the SIM card to Pakistan and gave the hostile agency additional support by sending money to other alleged espionage conduits.
The WhatsApp number 90xxxx6792, facilitated by Labhsankar, was used by the Pakistani agency to compromise multiple mobile devices belonging to Indian citizens, most of whom were associated with security forces, thus violating the Indian IT Act.
The extent of the accused’s involvement with the Pakistani intelligence agency and the damage caused is currently under joint analysis by MI and the Gujarat Police ATS. The latter is expected to request police custody for the accused at a local court soon.
For any Indian Android phone users who have received a similar “.apk” file from WhatsApp numbers such as 90xxxx6792, it is advisable to perform a ‘factory reset’ to mitigate further data loss from their devices.
Security officials consider the capture of this spy an important victory since it will likely thwart Pakistani intelligence agencies’ evil plans and prevent the exposure of sensitive data. Additionally, it acts as a deterrent to malicious hacking attempts by adversaries who aim to steal information from security forces and common Indian citizens.