81-Year-Old Belagavi Man Scammed Out of Lakhs via Malicious APKs – Cyber Crime Alert

www.news4hackers.com-81-year-old-belagavi-man-scammed-out-of-lakhs-via-malicious-apks-cyber-crime-alert-81-year-old-belagavi-man-scammed-out-of-lakhs-via-malicious-apks-cyber-crime-alert

A banking trojan attack has been uncovered in Belagavi, where an 81-year-old individual lost over ₹20 lakh through a sophisticated mobile device compromise. Local cybercrime investigators are examining the breach after fraudsters deployed counterfeit application packages to drain three separate financial accounts. The incident highlights the increasing vulnerability of elderly users to targeted digital exploitation.

Attack Mechanism

The attack commenced on June 25 when the victim’s mobile service experienced an unexpected disruption due to a faulty SIM card. To restore connectivity, the individual visited an authorized service provider to obtain a replacement. During this process, attackers exploited the activation of the new SIM to deliver three deceptive data payloads disguised as critical software updates. These files were labeled to mimic legitimate applications, including “Union Bank Update,” “PM Kisan Yojana,” and “Member App,” to deceive the user into granting access.

Malware Functionality

Once installed, the malicious software bypassed standard security protocols, enabling unauthorized access to the device. The malware’s core functionality involved intercepting SMS-based authentication codes, which were used to authorize financial transactions. By silently capturing one-time passwords and erasing associated logs, the attackers executed a series of high-value transfers without triggering alerts.

Aftermath and Discovery

The victim remained unaware of the activity until a routine balance inquiry at a bank branch revealed the full extent of the losses.

Investigations and Forensic Efforts

Forensic teams from the City Cyber, Economic, and Narcotics (CEN) Police Station are tracing the flow of stolen funds, which were rapidly distributed through a network of pre-registered money mule accounts. Investigators are collaborating with banking institutions to freeze these accounts and prevent further asset conversion. Additionally, the victim’s smartphone has been seized for digital forensics, with analysts working to identify the originating domains and IP addresses linked to the attack.

Expert Warnings and Regulatory Response

Experts warn that cybercriminals are increasingly leveraging APK-based malware to target mobile users, particularly those with limited digital literacy. The attack underscores the need for stricter device security measures, including mandatory application verification and enhanced user education. Regulatory bodies are now advocating for zero-trust architecture in mobile ecosystems to mitigate similar threats.

Calls for Enhanced Security Measures

The incident has prompted urgent calls for improved safeguards against application-based fraud, as attackers continue to refine techniques to bypass traditional security frameworks. Authorities are urging users to verify the authenticity of software updates and avoid downloading unverified applications, while also emphasizing the importance of real-time monitoring for suspicious transactions.



About Author

en_USEnglish