Cyber Security News

PrintSteal Cybercrime Group Mass-Producing Fake Aadhaar & PAN Cards

A large-scale cybercrime operation dubbed “PrintSteal” has been exposed, revealing a complex network involved in the mass production and distribution of fraudulent Indian KYC documents.

The operation, which has been active since at least 2021, utilizes a vast network of over 1,800 domains to generate fake Aadhaar cards, PAN cards, and birth certificates on an unprecedented scale.

Infrastructure and Methodology

The PrintSteal group operates through a sophisticated infrastructure that includes centralized web platforms, illicit APIs for data retrieval, and encrypted communication channels.

The operation’s primary website, crrsg.site, has been identified as a hub for document generation, with over 167,391 fake documents produced to date.

Screenshot of Aadhaar card generation form from crrsg.site

The group’s modus operandi involves creating fraudulent platforms that impersonate legitimate government services, particularly the Common Service Centre (CSC) scheme.

These platforms offer critical KYC services at minimal fees while bypassing standard security protocols.

The operation relies on a network of affiliates, including local mobile shops and cyber cafes, to distribute the fraudulent documents.

Technical analysis by CloudSEK reveals that the platforms are built using PHP-based admin panels with MySQL databases.

The frontend utilizes jQuery and Bootstrap 4 for a user-friendly interface.

The group integrates illicit APIs from sources like apizone.in and hhh00.xyz to efficiently retrieve sensitive data for document generation.

Financial Impact and Attribution

Financial investigations indicate that the threat actor behind crrsg.site alone has generated an estimated ₹40 Lakhs in revenue.

However, given the operation’s scale across multiple platforms, the total financial impact is likely significantly higher.

Attribution efforts have linked the crrsg.site operation to an individual named Manish Kumar, operating under the alias “Mg Khaan.”

Kumar’s personal details, including contact information and financial identifiers, have been uncovered as part of the investigation.

The PrintSteal operation poses severe risks to national security, financial systems, and public trust in government initiatives.

Chart displaying PrintSteal activity across states

The widespread availability of fraudulent KYC documents facilitates various criminal activities, including identity theft, financial fraud, and potential terrorism financing.

Cybersecurity experts recommend a multi-faceted approach to combat this threat, including immediate law enforcement action, enhanced security protocols for document verification, and international collaboration to disrupt the criminal network.

Implementing AI and machine learning for fraud detection, strengthening legal frameworks, and launching public awareness campaigns are also crucial steps in mitigating the impact of this sophisticated cybercrime operation.

As the investigation continues, authorities are urged to take swift action to dismantle the PrintSteal network and prevent further proliferation of fraudulent identity documents across India.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
