Cybercriminals Target Phones with Fake APK Files, Over 400 Victims Reported

Barabanki: Cybercriminals have introduced a new method of fraud, targeting people by sending malicious APK files disguised as e-challans, electricity bills, bank notifications, PDFs, or photos. Over 400 people, including 20–25 police officers, have fallen victim so far.

The scam works when a user installs the APK file sent via WhatsApp, social media, or email. Once installed, the file gives cyber thieves access to the phone’s data, including photos, videos, documents, contacts, OTPs, and bank details. Udai Raj from Asandra reported losing ₹1.5 lakh after opening an APK file on WhatsApp, despite being careful with OTPs and unknown calls.

Cybercriminals are also exploiting the trend of sending wedding invitations via WhatsApp. Experts warn not to click on APK files without verifying the source.

Rajan Yadav, a cybercrime expert, explained that APK files can clone the phone, read OTPs, access WhatsApp chats, record screens, and track bank logins and passwords, giving thieves full control over the device.

Safety Tips:

• Turn off auto-download in WhatsApp.

• Delete files ending with .apk immediately.

• Do not download attachments from unverified sources.

• Avoid entering Aadhaar or bank details in unverified apps.

• Do not search for customer care numbers on Google.

Victims of such fraud should immediately report to the National Cyber Helpline at 1930 or via the complaint portal www.cybercrime.gov.in to help freeze stolen money quickly.

– Arpit Vijaywargiya, SP