Six Arrested in Mumbai APK Fraud Raid Linked to Rs 43 Crore and 3,206 Cases Nationwide


A cybercrime investigation in Mumbai uncovered a large-scale fraud network involving malicious Android application packages (APKs) linked to 3,206 reported cases nationwide and financial losses exceeding Rs 43 crore.

Initial Incident Triggering the Investigation

The investigation began after a Mumbai resident received a fraudulent message claiming their gas service would be suspended unless they updated billing information. The communication directed the individual to a malicious link, which initiated the chain of events leading to the discovery of a nationwide fraud scheme.

Server Analysis Reveals Extensive Data Breach

Forensic analysis of the perpetrators’ digital infrastructure uncovered critical evidence. A Google Firebase server and a Hostinger-hosted database contained 1.24 crore SMS records harvested from compromised devices, including one-time passwords (OTPs), banking alerts, and financial notifications. The database was linked to 8,609 victims and stored sensitive information such as bank account details, ATM card numbers, PINs, CVV codes, and UPI identifiers.

Malicious Applications and Distribution Network

Investigators recovered 111 fake APK files mimicking legitimate entities like banks, the Regional Transport Office, and Mahanagar Gas. Additionally, 83 unique package names associated with malicious applications were identified within the network’s internal server database. The group also possessed server login credentials, malicious URLs, and chat records from Telegram groups and bots detailing the sale and distribution of the fraudulent apps.

Arrests and Legal Proceedings

Six individuals from Jharkhand and Delhi were detained based on digital forensic evidence and technical tracking. The accused include Arif Astun Ansari (28), Shaikh Belal Naushad (28), Mehboob Naushad Alam (26), Sajid Mansur Ali (21), Mohan Kushal Mahto (23), and Sunil Kumar Dashrath Soren (25). Their roles encompassed APK development, distribution, and direct outreach to victims. All face charges under the Bharatiya Nyaya Sanhita and the Information Technology Act.

Regional Crime Trends and Network Expansion

The arrests in Jharkhand align with broader patterns of cybercrime activity in the region. Just days prior, a similar operation in Ahmedabad targeted a Jharkhand-based individual operating a Telegram bot that distributed custom malware to over 400 fraudsters. Both cases share operational similarities, including the use of fake utility apps, Firebase servers for data storage, and methods for intercepting OTPs and accessing banking systems. Jharkhand’s Jamtara district has emerged as a hub for organized telephonic fraud, with the current case highlighting the shift toward advanced malware development and nationwide APK distribution.

Public Safety Recommendations

According to the investigation, authorities issued warnings against installing APKs from unverified sources or opening ZIP files from unknown senders. Citizens are advised to avoid sharing OTPs, ATM PINs, or banking credentials with anyone. No legitimate organization would request such information via unsolicited messages.

State police departments have been notified of the findings, with 517 of the 3,206 reported cases originating from Maharashtra and 93 from Mumbai. Further investigations are ongoing to assess the full scope of the network’s activities.


