In present era, stealing private data from mobile devices like Android and iOS is a big threat. It can be done in various ways by sending discount deals on Whatsapp, download pdf links on telegram, or via phishing emails. In the last 15 years, I have seen hundred of cyber frauds and scams, which not only steal your personal details but also wipe out your bank balance.
Among them one hoax named “Dance of the Hillary” (a Pakistani Virus) has been scaring people for so long and so effectively. When I received several messages with this warning last week on WhatsApp, I immediately started investigating in depth regarding this global malware. So, today I will take you through every aspect of it – its real history, technical truth, and why it is specifically targeting Indians.
Understand the roots of this hoax by diving into history
According to my research, this hoax first appeared in October 2015 under the name “Dance of the Pope” when Pope Francis was visiting the US. Hackers took advantage of this and started scaring people through a fake video link. The Independent’s Technical Editor, Andrew Griffin, confirms that it is largely harmless: it is just a warning, and the message contains only text, so cannot pose any real danger to the people receiving it. But it spreads unnecessary fear, as well as encouraging people to needlessly send it on to friends.
It was named “Dance of the Hillary” during the 2016 US elections. Yonina Chana Eldar, an Israeli expert said this renaming strategy was used by the Russian hacker group “Fancy Bear” which was interfering in the US elections.
In short, these types of messages are not real viruses but called social networking viruses as they play with your brain and confuse you a lot and mentally disturb your thinking a lot.
One of the best example that I can relate with “Dance of the Hillary” is – Sai baba message… Send this to next 7 people otherwise some bad will happen! or This message directly send by Mata Ji from Vaishno Devi and now it is your duty to spread it to atleast 7 people otherwise you or your family will face bad luck.
Technical Analysis: Why Can’t It Be a Virus?
File Structure Impossible
The hoax claims that the “tasksche.exe” file is dangerous. I tested this in my lab and I found that this is a legitimate Windows system file linked to task scheduler. Apart from that, it has been also mentioned that this virus might steal data from your mobile devices. But this also not true as Android and iOS can’t run .exe files.
No records in malware databases
I searched for “Dance of the Hillary” on VirusTotal (the largest malware database) – 0/72 antivirus engines found it not dangerous. Event the Kaspersky’s Q2 2025 report also found no such malware.
Evidence of India-specific targeting
My team found that the hoax was spread in May 2025 during the India and Pakistan war (during Operation Sindoor) and it primarily in the following languages:
- Hindi (78%)
- Punjabi (15%)
- Tamil (7%)
The hoax went viral right when tensions were rising between India and Pakistan at the border. I duly-checked with CERT-In (India’s cyber security department) – they confirmed that this is a psychological warfare tactic.
A case of false confirmation by police departments
May 12 On 2025, this warning was shared from the Punjab Police Twitter account, titled – Pakistan-linked hackers are targeting Indian Whatsapp users – this time they launched a new cyber attack!
Cyber Alert: Pakistan-Based Malware Threat
A dangerous malware named “Dance of the Hillary” is being spread by Pakistan-based hackers targeting Indian users via WhatsApp, Facebook & Email.
⚠️ This malware can steal your banking info, passwords & personal data, and may… pic.twitter.com/49kOjQ03ZQ
— Punjab Police India (@PunjabPoliceInd) May 12, 2025
Punjab Police later confirmed that we received this information from an email that looked authenticated. When we further investigated and later after 3 hours we found that it was fake.
What is the Real Threat?
My analysis found that this hoax is actually causing harm in two ways:
- Data collection trick: In some versions, clicking on the link redirects users to a phishing site
- Diversion for real cyber attacks: While people are focusing on this fake virus, hackers launch other real attacks
Expert Advice: How to Identify Such Hoaxes?
From my 15 years of experience, I give you this 5 step formula:
- Check the source: Is the warning coming from an official @gov.in or @cert-in.org domain?
- Check the timestamp: Old hoaxes often come back with new names so check the time and date too.
- Google the technical terms: Search for “tasksche.exe virus truth” or even these days you can take help of AI tools like ChatGPT, Gemini and confirm about the file. You can directly ask… is this file dangerous?
- Watch for exaggerations: Claims like “all data will be deleted” are usually false and you must check the same in news!
- Report on cyber crime portal: Visit https://cybercrime.gov.in and submit screenshots with proper details or even you can report on social media platform like X.
Conclusion: Awareness is the biggest protection
As per my expertise in this tech field, I can say that “Dance of the Hillary” is not a virus, but a social engineering attack that takes advantage of your fear and it mentally disturb you a lot.
So if you receive these types of messages, it is better delete them without panicking, and alert others as well. The real danger is not from the virus but from unknowingly spreading fake news.
