Issued by Dy. Commissioner of Police, Cyber Crimes, Hyderabad
It has come to our notice that cyber fraudsters are circulating malicious APK files through social media, messaging platforms, WhatsApp, SMS, Telegram, and fake websites, falsely claiming to offer government benefits, bank services, KYC updates, cashback rewards, job opportunities, or investment schemes. Victims are lured into downloading these apps, which secretly steal personal and banking information — including OTPs — resulting in financial loss and misuse of sensitive data.
Modus Operandi in APK File Frauds
1. Circulation of Fake Links: Fraudsters send links via SMS, WhatsApp, social media, or emails disguised as bank/government communications or promotional offers, with file names such as RTO Challan.APK, PMKisanYojana.apk, Electricity CurrentBill.APK, HMWSSB.apk, Creditcard.apk, rewardpoints.apk, etc.
2. Convincing Victims to Install APK Files: Users are asked to download APK (Android Package Kit) files from outside the Google Play Store, claiming fast service or exclusive access.
3. Excessive Permissions: During installation, the app requests access to SMS, contacts, screen sharing, and notifications — allowing criminals to monitor the device.
4. Data & OTP Theft: The malicious app secretly captures sensitive details like mobile banking credentials, One-Time Passwords (OTPs), debit/credit card details, and personal information.
5. Remote Access Tools: Some APKs contain RATs (Remote Access Tools) enabling full control of the phone, allowing unauthorized transactions without user knowledge.
6. Impersonation: APK files are often disguised as official apps of banks, government departments, financial portals, or payment gateways to gain trust.
7. Financial Loss & Data Misuse: Victims face unauthorized withdrawals from bank accounts and misuse of stolen personal data for further cyber offences.
Public Advisory on APK File Frauds
1. Do Not Download Unknown APK Files: Never download or install any application shared through SMS, WhatsApp, Telegram, email, or social media links, especially if it is not from the Google Play Store or the official website of the concerned organization. Examples of such files are RTO Challan.APK, PMKisanYojana.apk, ElectricityCurrentBill.APK, HMWSSB.apk, Creditcard.apk, rewardpoints.apk, etc.
2. Avoid Clicking Unverified Links: Avoid clicking on links claiming to offer bank updates, cashback rewards, KYC verification, or government benefits. Always verify such messages with the official source.
3. Check App Permissions: Be cautious if any app requests unnecessary permissions such as access to messages, contacts, screen sharing, or remote control of the device.
4. Update and Secure Your Device: Keep your mobile operating system and antivirus software updated to protect against known security threats.
5. Do Not Share OTPs or Banking Credentials: Legitimate banks, financial institutions, or government agencies never ask for OTPs or passwords via calls, messages, or unofficial apps.
6. Stay Informed and Alert: Follow advisories issued by CERT-In, RBI, and local police cyber units to stay aware of emerging online fraud techniques.
7. Report Suspicious Activity Immediately: Report suspected frauds to the National Cybercrime Helpline (1930) or online at cybercrime.gov.in
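A defender-side check for the permission pattern described in the modus operandi (item 3) and in advisory item 3, added here as an example that is not part of the original advisory: it reads a decoded (plain-text) AndroidManifest.xml and groups the requested permissions under the access types the advisory names. The category mapping, the two-category threshold and both sample manifests are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names grouped under the access types the advisory names (assumed mapping).
RISKY = {
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION": "screen sharing",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notifications",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "remote control",
}

def risky_access(manifest_xml):
    """Return {category: sorted permission names} found in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Permissions the app asks the user or system to grant.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            names.add(el.get(ANDROID_NS + "name"))
    # Notification-listener and accessibility access is declared on <service>.
    for el in root.iter("service"):
        names.add(el.get(ANDROID_NS + "permission"))
    found = {}
    for name in names:
        if name in RISKY:
            found.setdefault(RISKY[name], []).append(name)
    return {cat: sorted(perms) for cat, perms in found.items()}

def verdict(manifest_xml, threshold=2):
    """'review' when the app reaches into >= threshold sensitive categories (assumed cut-off)."""
    return "review" if len(risky_access(manifest_xml)) >= threshold else "ok"

# Constructed sample manifests (not taken from any real app).
SAMPLE_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.rewardpoints">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".Listener" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""
```

A "review" verdict only means the app combines several of the sensitive access types listed above; it is a triage signal for a closer look, not proof of malice.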
For the latest cyber awareness updates, follow us on https://www.facebook.com/cybercrimepshyd