The start of 2026 saw a new trend: Indian social media feeds across platforms like X (formerly Twitter), Telegram, and Instagram have been bombarded with a specific type of sensational content with unique time stamps: alleged "leaked private videos" of female influencers from neighbouring countries, Bangladesh and Pakistan. These video clips or image thumbnails include a timestamp and entice users to click the link to view the full video.

The trend began with Pakistani names like "Marry and Umair" and the widely searched "Fatima Jatoi 6 minutes 39 seconds" video. Now, it has expanded eastwards, with searches for Bangladeshi content creator "Arohi Mim 3 minute 24 second viral video" gaining immense traction. Arohi Mim '3 Minutes 24 Seconds' Viral Video is The New Trap Link.

While on the surface, this appears to be a morbid fascination with scandal across borders, cybersecurity analysts reveal a more calculated reality. Indian users are the primary target of a sophisticated, cross-border "clickbait" campaign designed to spread malware and harvest user data.

The 'Neighbourhood  Honey Trap' for Indians

Why are Indian netizens so hooked? Scammers are expertly exploiting a unique psychological trigger. India shares deep linguistic and cultural ties with both Pakistan and Bangladesh. Yet, political borders create a sense of separation and eagerness to explore more about these countries, especially when it is linked to a sensational topic.  Are the Pakistani Umair 7:11 and Fatima Jatoi Viral Video Leaks Part of a Digital Honey Trap Against Indians?

This combination creates a powerful "forbidden fruit" effect. Content from across the border feels familiar enough to be relevant but distant enough to be exotic and scandalous. A search term like "Pakistani TikToker viral video" or "Bangladeshi influencer leak" generates a level of curiosity among Indian users that local content often cannot match. Scammers are weaponising this shared cultural sphere to drive massive traffic to their malicious websites.

Hook to Get Full Video: Specific Times and Phishing Links to Honey Trap

This specific modus operandi represents a convergence of social engineering (psychological manipulation) and advanced persistent threats (technical malware). It is not merely a scam but often a calculated espionage effort, frequently attributed to state-sponsored actors targeting Indian nationals.

The Honey Trap Setup: Curation of False Personas

The attack begins long before the first message is sent. Threat actors meticulously construct synthetic identities designed to lower a target's defences.

The "Exotic" Lure: Profiles are crafted to appear as women, often claiming residency in the UK, Bangladesh or Pakistan. The "UK" backstory is frequently used to project a sense of affluence or Western alignment, while the Pakistan and Bangladesh angle may be used to exploit cultural curiosity or specific linguistic commonalities.

Visual Authenticity: To establish credibility, attackers utilise Deepfakes or scraped images from the social media accounts of real, unsuspecting women. These stolen photos are used to populate a timeline that looks organic, complete with fake hobbies, check-ins, and consistent posting histories.

The Grooming Phase: Psychological Manipulation

The Indian users looking for these leaked videos are lured by the fake female profiles to get the full link and start a chat. Once a connection is made with the victim, often Indian defence personnel, government officials, or social media users with access to sensitive networks, the grooming process begins.

Emotional Investment: The attacker invests significant time in building a rapport. This phase involves romantic overtures ("romance scamming") or friendly intellectual debates. The goal is to shift the victim from a state of caution to a state of emotional dependency or trust.

Platform Migration: A critical step in the operation is moving the target away from public platforms (like Facebook or X) to encrypted, private messaging apps (like WhatsApp, Telegram or Signal). This creates a false sense of security and intimacy for the victim.

From Chat to Compromise

The pivot from conversation to cyberattack is subtle. Once the attacker senses the victim's guard is down, they weaponise the victim's curiosity or desire for intimacy.

The "Exclusive" Content Trap: The attacker offers to share "exclusive" personal photos, videos, or a link to a "secure" private chat application.

The Technical Deception: These files are rarely harmless media. They are often:

Weaponised Files: Image or video files containing hidden malicious code (Steganography).

Malicious APKs: Fake applications disguised as gallery apps, dating platforms, or video players.

Android/iOS Vulnerabilities: When the victim attempts to view the content or install the app, they inadvertently grant permissions that bypass the operating system's security sandboxes.

The Aftermath: Total Digital Surveillance

The malware deployed is typically a Remote Access Trojan (RAT) (such as the notorious 'CapraRAT' or variations used by groups like Transparent Tribe). Once installed, the device effectively becomes a surveillance bug in the victim's pocket.

Data Exfiltration: The malware silently copies contact lists, call logs, and SMS messages (often used to intercept OTPs).

Real-Time Spying: It can activate the microphone and camera to record ambient conversations or video without the user's knowledge.

Location Tracking: The attacker gains real-time GPS access, mapping the victim's movements and routines.

Filesystem Access: Perhaps most damaging, the attacker gains full access to the photo gallery and local documents, leading to potential blackmail (sextortion) or the theft of sensitive official documents.

As highlighted by recent reports from Meta and security agencies, this is not random cybercrime; it is Cyber-Espionage. The targeting of Indian officials suggests the primary goal is often intelligence gathering on defense maneuvers or critical infrastructure, with "sextortion" serving as a secondary lever to force ongoing compliance from the victim. Meta Shuts Pakistan Hackers Targeting Indian Officials via Honey Trapping, Malware.

Fact-checks on the Fatima Jatoi trend have suggested that the claims are either complete fabrications or involve AI-generated deepfakes, where a person's likeness is non-consensually superimposed onto explicit material. In other instances, scammers have been caught using benign, years-old vlogs or street interviews (vox pops) of women in burqas, relabeling them as "leaked MMS" to generate clicks. The names of real influencers like Jatoi and Mim are used merely as keywords to add a layer of authenticity to the hoax. What Arohi Mim and Fatima Jatoi Must Learn from Payal Gaming: Fighting Viral Video Deepfakes Links Legally.

From Lahore to Dhaka, the flood of cross-border "leaked video" trends is not a harmless internet fad. It is a coordinated effort to exploit the massive Indian internet user base. We at LatestLY urge users to exercise extreme caution while clicking any link. The rule of thumb is simple: if a viral link on social media promises a scandalous video from across the border, it is almost certainly a trap designed to compromise your digital safety.

TruLY Score by LatestLY
Rating:5

TruLY Score 5 – Trustworthy | On a Trust Scale of 0-5 this article has scored 5 on LatestLY. It is verified through official sources (LatestLY Editorial Team). The information is thoroughly cross-checked and confirmed. You can confidently share this article with your friends and family, knowing it is trustworthy and reliable.

(The above story first appeared on LatestLY on Jan 24, 2026 01:43 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).