How harmful APK files rob identity, money and ways to protect oneself from scammers
These files come in messages falsely claiming to offer government benefits, bank services, KYC updates
By - Newsmeter Network
Representational Image
Hyderabad: The city police have warned people about cyber scammers circulating malicious APK (Android Package Kit) files through social media, messaging platforms, WhatsApp, SMS, Telegram and fake websites.
These files come in messages falsely claiming to offer government benefits, bank services, KYC updates, cashback rewards, job opportunities or investment schemes.
Victims are lured into downloading these apps, which secretly steal personal and banking information — including OTPs — resulting in financial loss and misuse of sensitive data.
Modus operandi in APK file frauds
1. Circulation of fake links: Scammers send links via SMS, WhatsApp, social media or emails disguised as bank/government communications or promotional offers such as RTO Challan. APK, PMKisanYojana.apk, ElectricityCurrentBill.APK, HMWSSB.apk, Creditcard.apk, rewardpoints.apk etc.,
2. Convincing victims to install APK files: Users are asked to download APK files from outside the Google Play Store, claiming fast service or exclusive access.
3. Excessive permissions: During installation, the app requests access to SMS, contacts, screen sharing and notifications — allowing criminals to monitor the device.
4. Data and OTP theft: The malicious app secretly captures sensitive details like mobile banking credentials, One-Time Passwords (OTPs), debit/credit card details and personal information.
5. Remote access tools: Some APKs contain RATs (Remote Access Tools) enabling full control of the phone, allowing unauthorised transactions without user knowledge.
6. Impersonation: APK files are often disguised as official apps of banks, government departments, financial portals or payment gateways to gain trust.
7. Financial loss and data misuse: Victims face unauthorised withdrawals from bank accounts and misuse of stolen personal data for further cyber offences.
Public advisory on APK file fraud
1. Do not download unknown APK files: Never download or install any application shared through SMS, WhatsApp, Telegram, email, or social media links, especially if it is not from the Google Play Store or the official website of the concerned organization such as RTO Challan.APK, PMKisanYojana.apk, ElectricityCurrentBill.APK, HMWSSB.apk, Creditcard.apk, rewardpoints.apk etc.,
2. Avoid clicking on unverified links: Avoid clicking on links claiming to offer bank updates, cashback rewards, KYC verification, or government benefits. Always verify such messages with the official source.
3. Check app permissions: Be cautious if any app requests unnecessary permissions such as access to messages, contacts, screen sharing or remote control of the device.
4. Update and secure your device: Keep your mobile operating system and antivirus software updated to protect against known security threats.
5. Do not share OTPs or banking credentials: Legitimate banks, financial institutions, or government agencies never ask for OTPs or passwords via calls, messages, or unofficial apps.
6. Stay informed and alert: Follow advisories issued by CERT-In, RBI, and local police cyber units to stay aware of emerging online fraud techniques.
Report suspicious activity immediately
Report suspected fraud to the National Cybercrime Helpline (1930) or online at cybercrime.gov.in.
