A retired Army officer from Chandigarh was allegedly duped of over Rs 12 lakh after cyber fraudsters tricked him into downloading a malicious APK file on his mobile phone, compromising his banking details and enabling unauthorised transfers from his account.
According to an FIR registered at the Cyber Crime Police Station, Chandigarh, the victim, Colonel Rajbir Singh Duggal (82), a city resident, reported that the fraud took place when he attempted to book a courier pickup online.
As per the complaint, on March 9, Duggal searched the internet for the contact number of Blue Dart Courier to send a parcel to Pune.
After calling a number found through Google search, his call was allegedly transferred to a person posing as an online executive.
The caller asked him to make an online payment of Rs 10 to confirm the parcel pickup. Duggal first attempted the payment through his SBI account, but the transaction failed.
He then made the payment successfully through his HDFC credit card.
Later, the alleged fraudster contacted him on WhatsApp and asked him to download an APK file, claiming that it was required to process the courier pickup request.
After downloading and installing the file, Duggal’s mobile phone was allegedly compromised.
The following day, on March 10, he started receiving several SMS alerts regarding transfers and cancellations from his SBI savings account, which he had neither authorised nor noticed immediately.
Upon checking his bank account, Duggal discovered that a total amount of Rs 12.05 lakh had been fraudulently withdrawn by unknown persons.
According to the FIR, the amount was transferred to multiple accounts.
After realising he had been cheated, Duggal immediately informed the bank and also lodged a complaint through the National Cyber Crime Portal.
Acting on his complaint, the Cyber Crime Police Station registered an FIR against unidentified persons.
Cybercrime officials said such incidents are increasingly being reported, where fraudsters exploit malicious APK files to gain unauthorised access to victims’ smartphones and banking applications.
A Venkatesh, DSP, Cyber Crime, Chandigarh Police, said: “.apk stands for Android Package Kit, which is the installation file format for Android applications, similar to .exe files used in Windows computers.” These files are generally downloaded from trusted platforms such as the Google Play Store, but cybercriminals often trick victims into installing malicious APK files through links shared via WhatsApp, SMS, or social media platforms.
According to the Cyber Crime Police, attackers commonly send deceptive messages claiming that the recipient needs to install an app to get a loan approved, update KYC details to prevent account suspension, confirm a parcel delivery, or claim cashback or rewards.
Such messages often create a sense of urgency and trust by using the logos and names of banks, courier companies or government agencies.
Once the victim clicks on the link and installs the APK file outside the Play Store, the fake application typically requests sensitive permissions such as access to SMS messages, screen recording or accessibility services, contacts, camera and device storage.
Most victims unknowingly grant these permissions.
Cyber officials said that once installed, the malicious app can steal banking credentials entered on the device, read OTPs from SMS messages, intercept notifications and mirror the phone screen using accessibility features.
In many cases, the malware also installs Remote Access Trojans (RATs) that allow attackers to remotely control the device and access sensitive information.
The stolen data is then transmitted to the attackers’ command-and-control servers, enabling them to carry out fraudulent transactions through UPI or mobile banking applications, change account passwords, impersonate the victim for further scams, and in some cases even lock the device and demand ransom.
Cybercrime officials have advised citizens to avoid installing APK files received through unknown links or messages.
Users should ensure that apps are downloaded only from trusted platforms such as the Google Play Store and that the Google Play Protect security feature remains enabled on Android devices.
Authorities also recommend disabling the “install from unknown sources” option in phone settings and carefully reviewing the permissions requested by any application before granting access.
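For an analyst handed an APK that a victim was asked to install, the permission review advised above can be run against the app's decoded `AndroidManifest.xml`. The Python below is an added example, not code from the article or the police advisory; the sample manifest, its package name and the verdict rule are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capabilities named in the article, keyed by the manifest entry that requests them.
RISKY_PERMISSIONS = {
    P + "READ_SMS": "read SMS (OTPs)",
    P + "RECEIVE_SMS": "intercept incoming SMS (OTPs)",
    P + "READ_CONTACTS": "read contacts",
    P + "CAMERA": "use camera",
    P + "READ_EXTERNAL_STORAGE": "read device storage",
    P + "REQUEST_INSTALL_PACKAGES": "install further apps",
}
RISKY_SERVICE_BINDINGS = {
    P + "BIND_ACCESSIBILITY_SERVICE": "accessibility service (screen reading/control)",
    P + "BIND_NOTIFICATION_LISTENER_SERVICE": "notification interception",
}

# Constructed sample: a decoded manifest for a hypothetical "courier pickup" app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.courier.pickup">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(manifest_xml: str) -> dict:
    """List risky capabilities a decoded manifest requests and rate the combination."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name", "")
        if name in RISKY_PERMISSIONS:
            findings.append(RISKY_PERMISSIONS[name])
    for svc in root.iter("service"):
        bind = svc.get(ANDROID_NS + "permission", "")
        if bind in RISKY_SERVICE_BINDINGS:
            findings.append(RISKY_SERVICE_BINDINGS[bind])
    sms = any("SMS" in f for f in findings)
    acc = any(f.startswith("accessibility") for f in findings)
    # Assumed rule: SMS access together with an accessibility service is rated "high".
    verdict = "high" if sms and acc else "review" if findings else "low"
    return {"package": root.get("package"), "findings": findings, "verdict": verdict}
```

Calling `triage_manifest(SAMPLE_MANIFEST)` rates the constructed courier app "high" because it pairs SMS access with an accessibility service, the combination the officials describe for reading OTPs and mirroring the screen.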
People are further advised to verify suspicious messages directly with the bank or organisation concerned before taking any action.
In case of cyber fraud, victims should immediately report the incident by calling the national cybercrime helpline 1930 or by filing a complaint on the official portal cybercrime.gov.in.
Source: This article was originally published by The Indian Express