In the aftermath of escalating cross-border tensions following the April 22 Pahalgam terror assault, Indian cybersecurity agencies have noticed a worrying shift in strategy: a digital onslaught aimed at civilians. The malware campaign, reportedly linked to Pakistani threat actors, has sparked widespread alarm about Indian residents' vulnerability to targeted cyber assaults.
Officials believe the attack, known as the ‘Dance of the Hillary’ malware, is spreading via WhatsApp, Facebook, Telegram, and email. It disguises itself as video files or documents, frequently ending with suspicious extensions like as.exe—notably tasksche.exe—and, once downloaded, can acquire unauthorised access to mobile devices and computers.
Experts warn that the ultimate purpose is to extract confidential information such as financial credentials, official IDs, and communication records. Intelligence services have declared a high alert and issued public warnings against opening unknown attachments, particularly at a period of global upheaval.
Malware deployment
As India started targeted strikes on terror hubs in Pakistan, including major cities such as Islamabad, security experts believe the digital response is intended to do economic and psychological damage. In response to the Pahalgam massacre, the Indian Armed Forces destroyed numerous drone and missile installations while also targeting terror camps.
In retaliation, Pakistani cyber cells allegedly recruited sleeper operatives and automated botnets to disseminate malware over Indian networks.
The attack looks to be well-coordinated and designed to cause maximum social disruption. Officials believe it is part of a hybrid warfare plan that combines conventional military attack and digital infiltration.
Dance of the Hillary has been identified by cyber researchers as a version of previously known data-stealing trojans that have been repackaged with deceptive file names and distributed through phishing tactics. "What makes it dangerous is its ability to blend into civilian channels of communication and exploit curiosity or emotional responses," explained a CERT-In analyst.
Safety measures
In response, India's cybersecurity response units, including CERT-In and the Ministry of Electronics and Information Technology, launched an awareness campaign encouraging people to avoid downloading suspicious files and sharing unverified links or media.
Citizens are asked to verify texts before forwarding them and to report any suspicious activity to cybercrime departments. The report also recommends installing trusted antivirus programs and updating device operating systems to address known vulnerabilities. Meanwhile, state cyber cells have been directed to monitor social media trends for dangerous content patterns.