A new cybersecurity threat is targeting Indian internet users, prompting a nationwide alert from the Ministry of Electronics and Information Technology (MeitY). The malware, dubbed 'IndraNet,' is designed to steal sensitive financial data and personal information, officials announced this morning. This alert comes amid growing concerns about increasing cyberattacks targeting Indian infrastructure and citizens.

The Indian Computer Emergency Response Team (CERT-In) has issued a detailed advisory outlining the malware's capabilities and methods of propagation. IndraNet primarily spreads through phishing emails disguised as official communications from banks, government agencies, or popular e-commerce platforms. These emails contain malicious attachments or links that, when clicked, install the malware onto the user's device. Once installed, IndraNet can monitor keystrokes, capture screenshots, and steal login credentials for various online services.

IndraNet Malware: Technical Details and Impact

According to the CERT-In advisory, IndraNet is a sophisticated piece of malware that employs advanced obfuscation techniques to evade detection by antivirus software. It also uses a command-and-control (C&C) server located outside of India to receive instructions and exfiltrate stolen data. The malware is capable of targeting both desktop and mobile devices running Windows, Android, and iOS operating systems.

“This is a serious threat that requires immediate attention from all Indian internet users,” said Dr. Sanjay Sharma, a cybersecurity expert at the Indian Institute of Technology (IIT) Delhi. “Users should be extremely cautious about opening suspicious emails or clicking on links from unknown sources. Keeping your software up to date and using a reputable antivirus solution is also crucial.”

Government Response and Mitigation Measures

MeitY has directed all critical infrastructure providers, including banks, telecom operators, and power companies, to implement enhanced security measures to protect their systems from IndraNet. The government is also working with internet service providers (ISPs) to block access to the C&C server used by the malware. Speaking to News Reporter Live, a senior MeitY official reportersays that "We are taking all necessary steps to mitigate the threat posed by IndraNet and protect Indian citizens from cyberattacks. We urge everyone to remain vigilant and report any suspicious activity to CERT-In immediately." The official added that a public awareness campaign is underway to educate users about the risks of phishing and malware.

Protecting Yourself from Cybersecurity Threats

The best defense against IndraNet and similar malware is vigilance and good cybersecurity hygiene. Here are some tips to protect yourself:

• Be wary of suspicious emails, especially those asking for personal information or containing attachments from unknown senders.
• Never click on links in emails from unknown sources.
• Keep your software and operating systems up to date with the latest security patches.
• Use a reputable antivirus solution and keep it updated.
• Enable two-factor authentication (2FA) on all your online accounts.
• Regularly back up your important data.
• Report any suspicious activity to CERT-In.

As of today, March 19, 2026, there have been confirmed reports of IndraNet infections across several Indian cities, including Mumbai, Delhi, and Bangalore. The financial losses attributed to the malware are still being assessed, but officials warn that they could be significant. The incident underscores the growing importance of cybersecurity in India's digital economy. You can also use our EMI Calculator to quickly calculate your loan plans.