What it is?
(Login As A Service)
We are building a user friendly & hack resistant password, even if attacked by:
- Phishing.
- Remote access trojans where the device is remotely controlled & inputs seen byhackers.
We also help enhance & protect passkeys.
The Problem We’re Solving
- Digital fraud today targets humans, not just credentials.
- Even strong security methods like passwords, OTPs, biometrics, and passkeys fail once a device is compromised.
Problems
1. Remote Access Trojans (RAT)
- Attackers gain full control of the victim’s device.
- They can see the screen, click buttons, read OTPs, sometimes can even approve biometric prompts by utilizing prompt push fatigue, and complete transactions.
2. Phishing That Bypasses MFA
- Real-time phishing can relay:
- OTPs
- Push approvals
- Biometric prompts
- Users approve actions without fully understanding context (“MFA fatigue”).
- Real-time phishing can relay:
3. Biometric & Push Approval Abuse
- Usually biometrics authenticate presence, not intent.
- Attackers exploit:
- Repeated push requests
- Accidental approvals
- Social engineering pressure
4. Passkey Cloud Sync & Recovery Weaknesses
- Cloud-synced passkeys create a single point of failure.
- Recovery flows fall back to weaker channels (email/SMS).
- Once recovery is abused, attackers can register new passkeys.
5. Static Secrets
- Passwords, PINs, and OTPs are:
- Observable
- Replayable
- Phishable
- Malware simply watches then acts.
- Passwords, PINs, and OTPs are:
USE CASES FOR BANKS
Probable Use case 1 High Value Transactions:
UPI has a limit on how much money one can send in one transaction or per day.
So, people may go to internet banking for high value transactions.
Here the visual passwords as a SAAS may be helpful.
Use case 2 Internet Banking for corporates:
Corporates and private limited companies usually use internet banking on desktops.
Here before logging in the internet banking the visual password as a SAAS can come.
Use case 3 HNI’s:
HNI’s usually do high value transactions; they can add it as an option.
How are you solving it? (Approach, model, key advantage)
We operate as a Security-as-a-Service (SaaS) layer that integrates with existing login systems like passkeys, passwords, or biometrics. Think of our company sitting on top of traditional passwords which are susceptible to phishing and RAT attacks. We provide an additional layer which is “login mechanism as a service” sitting above the regular authentication mechanisms like passwords, OTP, Passkeys etc…. Our service is phishing proof and RAT resistant.
So when the user tries to login he will be presented with the traditional username and password. After inputting these inputs, he will be redirected to our portal using the API calls.
There he will complete the visual password challenge and finally after our authentication is successfully carried out he will be redirected to the original website. There he will be logged in successfully. This is similar to how the payment gateways work.
We replace static passwords, OTPs, and blind biometric approvals with a visual password that authenticates the human’s intent, not just the device.
With a visual password, the user has secret items and a private mental rule.
Every login shows changing numbers or symbols on the screen.
The attacker may see the screen, but cannot know the secret rule or how the final answer is calculated.
This breaks RAT attacks because watching the screen is useless.
It breaks phishing because nothing reusable is typed or approved.
It breaks MFA fatigue because there are no random push requests to “accept.”
Even if passkeys are cloud-synced or recovered through weak channels, the visual password still acts as a second human-only lock.
Key advantage: nothing static, nothing replayable, nothing auto-approvable.
Essentially making RAT & Phishing un-hackable, which are todays most used fraud attacks.
USP & Competitive Advantages
1. It doesn’t require OTP or 2nd factor of authentication.
2. Works with feature phones. Even an uneducated person can operate it.
3. *No phishing possible*.
4. Even if the password is seen hundreds of times, it is still not known. Since the password is dynamic in nature.
5. No mobile phone required, if attempted on computer.
6. No mobile prompts required.
7. Can put a password directly on a desktop or laptop.
8. No bio metric required.
Target Customers
Wherever an easier and more secure option is required than PIN, Password or bio access.
Specifically, our primary customers are banks, fintech platforms, and payment apps that need strong protection against fraud caused by Remote Access Trojans (RAT), phishing, and social-engineering attacks.
We also target crypto exchanges and wallet providers, where stolen credentials or compromised devices can lead to irreversible losses.
Another key segment is enterprises and SaaS platforms that handle sensitive logins (finance, healthcare, admin systems) and want security beyond passwords, OTPs, and push approvals.
Finally, we focus on high-risk end users—such as senior citizens, high-net-worth individuals, and frequent online banking users—who are most affected by scams and need protection even when their device is compromised.
Core idea: anyone who cannot trust the device, but must still trust the human.
Virtual Walll, Second Solution
- Our company Wallnetsafe Technologies Private Limited is developing a comprehensive fraud fighting solution to stop online phishing scams, which is very useful for internet banking users, with the help of a virtual walll.
- With help of same virtual walll we are also developing a solution for other online scams like Advance fees scams, Job scams, Dating scams etc..
- Furthermore, the solution encompasses fighting of call spoofing.
- Last but not the least it also deters phone call spam & call scams like Digital Arrest etc.
USP & Competitive Advantages
1. It doesn’t require OTP or 2nd factor of authentication.
2. Works with feature phones. Even an uneducated person can operate it.
3. *No phishing possible*.
4. Even if the password is seen hundreds of times, it is still not known. Since the password is dynamic in nature.
5. No mobile phone required, if attempted on computer.
6. No mobile prompts required.
7. Can put a password directly on a desktop or laptop.
8. No bio metric required.
Most Used & Dangerous Remote Access Trojan (RAT) Scam
Real Life Story: The Pain Point From Times of India Newspaper; 13 Nov 2025 Police arrested three men — **Sarfaraz Ansari (24), Riyas Ansari (22), and Shehzad Ansari (20)** — from Jamtara, Jharkhand. The gang targeted people across **17 Indian states**, carrying out **121 fraud cases** using a single scam network. Their operation involved sending **malicious APK files** disguised as “traffic-challan payment apps” to victims through WhatsApp. When victims installed the APK, **malware took control of their smartphones**, allowing the scammers to read messages, intercept OTPs, and access banking apps. With this control, the scammers **transferred money into mule accounts**, draining victims’ funds without their knowledge.
Remote Access Trojan RAT Scam Contd…
The case came to light when a **senior citizen in Surat lost ₹2.45 lakh** after installing one such APK, leading police to trace the gang from Kolkata to Jamtara. Bank analysis showed **suspicious incoming transactions** in the accused persons’ accounts across multiple banks such as SBI, Axis Bank, and PNB indicating systematic money laundering. The total amount defrauded by the gang was found to be **₹1.02 crore**. The network worked in layers: members in **Jamtara** created and sent the fake apps, others in **Kolkata** withdrew stolen money, while another group managed **mule accounts**. Police issued warnings stating that **real traffic-challan notices are never sent via APK files or WhatsApp links**, urging people to use only official government portals for payments. https://timesofindia.indiatimes.com/city/surat/surat-cops-bust-jamtara-gang-behind-1cr-rto-challan-fraud/articleshow/125283410.cms?
Solution Overview
Creating a Safe Phishing Free & Spam Free World.
Anti Phishing / Remote Access Trojan(RAT)
The Virtual Walll is like a safe city on the internet where only trusted websites and real people are allowed. It keeps a directory (a list) of safe websites (like Banks, Ecommerce etc) and genuine users. A special patent pending technology makes sure nobody can “phish” their way in. This means only real people, not hackers or scammers, can get inside.
To join the Virtual Walll, every user logs in with their phone number . This phone number is verified with another patent pending solution that stops number spoofing. For example, if your number is 9876543210, nobody else can pretend to be you with that number. This ensures each phone number belongs to the actual SIM card owner. In addition, every account is locked to both the SIM card and the user’s device . This means even if a hacker gets your number, they cannot log in from another phone or computer.
Inside the Virtual Walll, websites can only be created by users who have already registered their phone numbers. So, if someone wants to create an ecommerce shop website, they must first prove their phone number is real.
To ensure only legitimate sites stay inside, a patent pending AI constantly checks every website. This is done by keeping a list of “reserved words and images” for each genuine organisation. For example, the name “Citibank” and its logo are reserved only for the real Citibank site. Every time a site is created or updated; the AI checks its login page. If it sees “Citibank” name or logo used by another site pretending to be Citibank, it flags that site and removes it from the Virtual Walll. The person who created the fake site is also removed.
As scammers try to scam in the Virtual Walll, they are blocked and removed automatically . Over time, older websites and long used phone numbers become more trusted because they have a clean history, just like old shopkeepers in a town who have built a good reputation. In simple words, the Virtual Walll is a combination of verified users, secure phone numbers, AI based website checks, and strict identity rules. Together they create a safer internet space where only real people and genuine websites can exist just like a gated community with ID cards, CCTV, and trusted shopkeepers. This technology does not stop at websites. It can also be extended to block other online scams.
In addition to phishing protection, the Virtual Walll also tackles scams like job scams, dating scams, advance fee scams etc. If someone inside the Wall tries to run such a scam, other users can report it easily with screenshots and recordings. When many such reports are received, the suspicious user or website can be quickly scrutinized & removed from the Walll if found guilty of scamming. To catch scammers faster, there will also be AI “honeypots” bots that pretend to be victims. If a scammer tries to cheat a honeypot, they and their site will be flagged and removed automatically. On top of this, there will be bounty rewards for users who report scammers. If the scam is confirmed, with help of say a sting operation, the scammer is removed from the Walll and the person who reported it is awarded a prize. This combined approach keeps job scams, dating scams, advance fee scams and similar frauds out of the Virtual Walll.
Anti Spam
After a call is answered this proposed patent pending system allows a normal conversation between both parties, but once the call ends, the mobile app speaks to the user in a clear voice asking whether the call was spam or a tele caller . Because the prompt is spoken rather than just shown, people are more likely to reply with a simple “yes” or “no.” If the user says “yes,” the app immediately follows up to ask whether the call related to loans, insurance, banks or appeared to be a scam, and stores this information securely in a central database . By combining this crowd sourced spam reporting with anti spoofing checks (such as caller ID authentication and
verification of originating numbers before calls are connected), the app can warn future recipients more reliably. This voice prompt can be made only thrice to each person / day and once a calling number is reported in the spam database the voice doesn’t ask further.
When such a spam reported number calls someone else, the phone instead of a ringtone will announce aloud with help of the mobile app before the call is answered or if the call goes unanswered that, for example, “ a spam loan call reported by 20 people is incoming or was calling,” instead of showing a red box. This pre answer voice alert prevents disturbance at work, while driving, or during rest . If the user chooses not to take the call, the AI agent asks whether to block the number and executes the block on a spoken command.
If the user does answer the call , the process repeats after the call ends, steadily strengthening the anti spam database and creating a real time, voice first protection layer against unwanted and fraudulent calls. If this systems is not feasible in iOS then android users will report and iOS will only use it to block.
This method can help thwart scams like digital arrest as they will be reported. As a result of which very less people will fall victim to these scams. Optionally, there is also an action taken by an anti spoofing solution. This action ensures that the incoming call is not spoofed. Else if it is spoofed then incorrect
Business Model
We plan to create a virtual wall on the internet. Inside this wall people will run ads similar to Google ads. We will earn revenue through these ads. Moreover, we will also charge websites that want to be listed inside the virtual wall Users will pay because they get better ROI and won’t face problems that they face while running ads on Google: Real Users
Real Users Only
All users are real and verified – no bots
Protected Ad Budget
Competitors can’t click on ads to waste budget
Verified Accounts
No fake accounts: Users need to log in using a valid identity
Traceable Engagement
Clicks are traceable and linked to known users
Main attack vectors that may compromise passkeys
There are two main attack vectors that may compromise passkeys.
First reset of passkeys:
In it there is a OTP on email and small which may be compromised.
Kyc for banks which had insider threats.
Approval on other devices which may be done via fake approval exhaustion or by controlling the device prompts.
Second is if on desktop PIN gets known via keylogger and remote control execution is the then the passkeys can get compromised.
The answer is visual password instead of regular pin however if visual password server gets compromised then as the password are stored in salt and hash there is no risk.
Meet the Founder
Aniket Deshpande
Bachelor of Engineering in Electronics & Telecommunication from MGM’s, Jawaharlal Nehru Engineering College, Sambhaji Nagar, Maharashtra
Also Post Graduate Program in Marketing, Maharashtra Institute of Technology, Pune, Maharashtra, India
- Email : aniket.personal321@gmail.com
- Phone : +91 8767061161
- Open for Investment & Licensing Opportunities
https://cybersecuritynews.com/new-malware-toolkit-sends-users/amp/
https://www.newsband.in/article_detail/fake-apk-apps-drain-rs-43-lakh-from-navi-mumbai-residents
https://the420.in/ghaziabad-ecommerce-investment-scam/
Kolkata Loses ₹482 Crore to Cyber Fraud in Two Years; 80% Victims Senior Citizens
https://the420.in/kolkata-cyber-fraud-482-crore-digital-prahari-seniors/