New Delhi, Tuesday, March 31, 2026 – A critical cybersecurity alert has been issued for Indian banking systems following the discovery of a sophisticated new malware strain dubbed “IndusHunter.” The Indian Computer Emergency Response Team (CERT-In) raised the alert level to “critical” earlier today, warning financial institutions to immediately update their security protocols.

Initial reports indicate that IndusHunter is designed to bypass traditional antivirus software by utilizing polymorphic code, which constantly changes its structure to avoid detection. Speaking to News Reporter Live, cybersecurity expert Rohan Sharma explained, “This malware is highly advanced. Its ability to morph makes it significantly harder to identify and neutralize. Banks need to act swiftly.”

IndusHunter: What We Know About the Malware

According to CERT-In, IndusHunter primarily targets vulnerabilities in older ATM systems and core banking software. The malware attempts to steal customer credentials, transaction data, and potentially manipulate account balances. The threat isn't limited to ATMs; IndusHunter can also infiltrate internal bank networks through phishing emails targeting employees. The emails often appear to be legitimate communications from regulatory bodies or internal departments.

Here's a breakdown of IndusHunter's key characteristics:

Comparing IndusHunter to Previous Threats

IndusHunter's sophistication sets it apart from previous malware threats targeting Indian banks. While past attacks, like the “ShadowNet” campaign in 2024, relied on simpler techniques, IndusHunter employs advanced obfuscation and anti-analysis measures. This makes it more challenging to reverse engineer the malware and develop effective countermeasures. Rohan Sharma says, "IndusHunter is a significant leap in sophistication compared to previous threats we've seen targeting the Indian financial sector. The level of coding and the techniques used signify a well-funded and highly skilled threat actor."

The table below compares IndusHunter with ShadowNet:

| Feature | IndusHunter | ShadowNet |
| --- | --- | --- |
| Code Complexity | High (Polymorphic) | Low (Static) |
| Primary Target | ATM & Core Banking Systems | Customer-facing Web Portals |
| Attack Vector | Phishing, Exploit Kits | SQL Injection, Cross-Site Scripting |
| Detection Rate | Low (Initial) | Moderate |

Mitigation and Prevention Strategies

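CERT-In has issued a detailed advisory outlining mitigation strategies for banks, including patching vulnerabilities, implementing multi-factor authentication, conducting security audits, training employees, and deploying advanced threat detection systems.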

Banks are urged to share threat intelligence with each other and with CERT-In to facilitate a coordinated response. The Reserve Bank of India (RBI) is also expected to issue additional guidelines to reinforce cybersecurity measures across the banking sector. This week, the RBI is holding meetings with key stakeholders to discuss further steps.

Frequently Asked Questions

What is IndusHunter malware?

IndusHunter is a new, sophisticated malware strain targeting Indian banking systems. It is designed to steal customer credentials, transaction data, and potentially manipulate account balances by exploiting vulnerabilities in ATM systems and core banking software.

How does IndusHunter evade detection?

IndusHunter utilizes polymorphic code, which means it constantly changes its structure. This makes it difficult for traditional antivirus software to identify and neutralize the malware.

What steps are being taken to prevent IndusHunter attacks?

CERT-In has issued an advisory outlining mitigation strategies for banks, including patching vulnerabilities, implementing multi-factor authentication, conducting security audits, training employees, and deploying advanced threat detection systems.