Karnataka battles polymorphic malware surge as Rs 2,900 crore vanishes in 2024

Karnataka's reliance on signature-based cybersecurity systems proves ineffective against polymorphic malware, with experts stressing the need for AI-powered solutions and real-time monitoring to tackle these evolving and sophisticated digital threats

In spite of Karnataka's proactive steps in addressing cybercrime, including appointing cyber technicians and creating a dedicated cybercrime police station, fraudsters continue to stay ahead by deploying polymorphic malware. This type of malware is highly sophisticated and has become a major challenge for cybersecurity systems across the state. In 2024, only a fraction of cybercrime cases were resolved—1,248 out of a staggering 20,092—and the financial losses amounted to a huge Rs 2,900 crore.

What sets polymorphic malware apart is its ability to constantly alter its code, making it impossible for traditional antivirus programs to recognize or block it. Unlike standard malware, which relies on fixed patterns for detection, polymorphic malware encrypts itself, modifies its behaviour, and injects misleading data, ensuring it evades detection. As a result, it is able to compromise systems, steal sensitive data, and cause widespread damage without being caught.

Call it a digital chameleon

Security experts describe this malware as a “digital chameleon,” since it can change its appearance and behavior, thus complicating efforts to detect and remove it. The malware spreads through common entry points such as phishing emails, malicious downloads, and fake website links.

Once inside a system, it deploys keyloggers to capture passwords, banking details, and personal information. Some variants even direct users to fake banking portals to capture login credentials. Furthermore, polymorphic malware spreads across networks, constantly altering its code, making it nearly impossible to eliminate.

Need for advanced cybersecurity

Karnataka, which was the first state in India to set up a specialized cybercrime police station, is taking significant measures to counter these evolving threats. The state is set to enhance its Forensic Science Laboratory (FSL) with state-of-the-art tools to address the growing sophistication of cybercrime. Additionally, over 4,000 police officers, judicial officers, and government officials have been trained in cybercrime investigation.

However, Karnataka still relies on signature-based cybersecurity systems, which are no match for polymorphic malware that keeps changing its form. Experts emphasize that more robust, AI-powered cybersecurity solutions and real-time monitoring are essential to effectively combat these advanced threats.