Indian City Hit by Cyber Attack Using Fake APK Files for Gas Bill Payments, Over ₹1 Crore Stolen

Post Views: 5

Gas Bill Scam: ₹1 Crore Lost in Mumbai due to APK-Based Frauds

In a disturbing trend emerging in Mumbai, individuals posing as gas company representatives have successfully emptied bank accounts within minutes using APK files. The alarming scheme has resulted in nearly ₹1 crore in losses over the past month, underscoring the increasing menace of APK-based cyberfraud.

The Modus Operandi

Victims receive initial warnings through SMS or messages claiming that their gas bill is overdue and threatens disconnection unless immediate action is taken. Posing as company representatives, scammers make follow-up calls to persuade victims to install APK files supposedly containing “urgent updates” to resolve the issue.

A Recent Case

In a recent case, a 20-year-old businessman from Mulund West, Mitul Doshi, fell prey to the scam when he received a message about an unpaid gas bill. He promptly paid ₹1,150 before being informed that the payment had not been processed. To resolve the supposed issue, Doshi was sent an APK file, which, once installed, allowed the scammers to access his sensitive personal data and conduct unauthorized transactions.

Similar Incidents Across the City

Similar incidents have been reported in other parts of the city, including Malad East, where a 75-year-old retired individual received a message featuring the logo of Mahanagar Gas Limited. The scammer requested a nominal payment of ₹10 for a “system update fee.” Another victim received an APK file that contained malware, enabling the scammers to access OTPs, banking apps, and sensitive personal data.

According to investigators, these incidents represent a repeatable model of panic, trust, and technical theft. The modus operandi remains consistent, creating panic, building trust, and deploying technical tools to execute the theft.

Cyber experts warn that APK files in such cases contain malware, allowing scammers to access sensitive information and conduct unauthorized transactions.

Renowned cybercrime expert and former IPS officer Prof. Triveni Singh emphasized that no legitimate government or private company sends APK files for payments or verification. “No official will ever ask for OTPs or banking credentials over a phone call,” he stressed.

Avoidance Measures

Authorities have issued advisories urging citizens to use only official websites or authorized mobile applications for bill payments and cautioned against clicking on unknown links or installing APK files from unverified sources. If someone becomes a victim of such fraud, they should immediately contact the National Cyber Helpline at 1930 and inform their bank to freeze the account.

These incidents highlight the evolving nature of cybercrime, where scammers target essential daily services like gas bills. Awareness and vigilance remain the strongest defense against such threats, as even a small mistake can result in significant financial loss.