
Red Fort blast: Probe team gets suspicious calls, malware-laced ZIP file

IP address behind fake WhatsApp account traced to Pak

Police personnel at the blast site in front of the Red Fort in New Delhi. File

Several members of the investigation team probing the car blast near the Red Fort, which killed 13 people and injured over 20, have reported receiving suspicious calls followed by a WhatsApp message containing a ZIP file laced with malware.


According to the police, the message came from a fake account impersonating a girl named “Drishti.”


The ZIP file reportedly contained a “Trojan” virus, a type of malicious software that disguises itself as a legitimate file to trick users into installing it. Once activated, it can steal data, corrupt files or grant attackers remote access to the device.


Investigators said the IP address behind the fake WhatsApp account has been traced to Pakistan.

As a preventive measure, the police have advised personnel not to open unidentified links or download unsolicited attachments.


So far, officials confirmed that no device has been compromised.

Messages reviewed by The Tribune show the sender claiming: “Sir, I am Drishti here, I have some evidences regarding the blast,” followed by the infected ZIP file.

A Trojan is a type of malware that is typically hidden as an attachment in an email or a free-to-download file and then transfers onto the user’s device.

Once downloaded, the malicious code executes the task the attacker designed it for, such as gaining backdoor access to corporate systems, spying on users’ online activity or stealing sensitive data.

Earlier, it had emerged that the accused communicated with each other via an application that uses end-to-end encryption by default.

Sources said Dr Umer un-Nabi, Dr Muzammil Ahmad Ganaie and Dr Shaheen Shahid, linked to Al-Falah University, were in constant touch through the encrypted platform “Threema”.
