PrintSteal Cybercrime Group Mass-Producing Fake Aadhaar & PAN Cards

A large-scale cybercrime operation dubbed “PrintSteal” has been exposed, revealing a complex network involved in the mass production and distribution of fraudulent Indian KYC documents.

The operation, which has been active since at least 2021, utilizes a vast network of over 1,800 domains to generate fake Aadhaar cards, PAN cards, and birth certificates on an unprecedented scale.

Infrastructure and Methodology

The PrintSteal group operates through a sophisticated infrastructure that includes centralized web platforms, illicit APIs for data retrieval, and encrypted communication channels.

The operation’s primary website, crrsg.site, has been identified as a hub for document generation, with over 167,391 fake documents produced to date.

The group’s modus operandi involves creating fraudulent platforms that impersonate legitimate government services, particularly the Common Service Centre (CSC) scheme.

These platforms offer critical KYC services at minimal fees while bypassing standard security protocols.

The operation relies on a network of affiliates, including local mobile shops and cyber cafes, to distribute the fraudulent documents.

Technical analysis by CoudSek reveals that the platforms are built using PHP-based admin panels with MySQL databases.

The frontend utilizes jQuery and Bootstrap 4 for a user-friendly interface.

The group integrates illicit APIs from sources like apizone.in and hhh00.xyz to efficiently retrieve sensitive data for document generation.

Financial Impact and Attribution

Financial investigations indicate that the threat actor behind crrsg.site alone has generated an estimated ₹40 Lakhs in revenue.

However, given the operation’s scale across multiple platforms, the total financial impact is likely significantly higher.

Attribution efforts have linked the crrsg.site operation to an individual named Manish Kumar, operating under the alias “Mg Khaan.”

Kumar’s personal details, including contact information and financial identifiers, have been uncovered as part of the investigation.

The PrintSteal operation poses severe risks to national security, financial systems, and public trust in government initiatives.

The widespread availability of fraudulent KYC documents facilitates various criminal activities, including identity theft, financial fraud, and potential terrorism financing.

Cybersecurity experts recommend a multi-faceted approach to combat this threat, including immediate law enforcement action, enhanced security protocols for document verification, and international collaboration to disrupt the criminal network.

Implementing AI and machine learning for fraud detection, strengthening legal frameworks, and launching public awareness campaigns are also crucial steps in mitigating the impact of this sophisticated cybercrime operation.

As the investigation continues, authorities are urged to take swift action to dismantle the PrintSteal network and prevent further proliferation of fraudulent identity documents across India.

Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free