Cyber Fraud via Known Contact’s APK File: Victim Loses ₹7.03 Lakh
A resident of Lalitpur district in Uttar Pradesh allegedly fell victim to a cyber fraud after installing a compromised application file sent by a contact’s mobile number.
Incident Details
The incident involved unauthorized transactions totaling ₹7.03 lakh from the victim’s Central Bank of India account, according to a police report. The victim reported receiving an APK file approximately two months prior from a number associated with an advocate they knew. Trusting the sender’s contact information, they proceeded to install the file without verification.
Investigation and Findings
Subsequent investigations revealed that the application contained a Remote Access Trojan (RAT), which granted attackers access to sensitive data and financial systems. Between July 4 and July 12, the victim’s account experienced multiple withdrawals, totaling the reported amount. The fraud was discovered when the individual visited the bank to update their passbook. A complaint was filed on the National Cyber Crime Reporting Portal and submitted to local cybercrime authorities.
Cybersecurity Experts’ Insights
Law enforcement is currently analyzing banking records, the compromised mobile device, application installation logs, IP address traces, and other digital evidence to map the attack vector. Investigators are also tracing command-and-control servers used by the perpetrators, tracking the movement of illicit funds, and assessing whether the scheme involved a coordinated cybercriminal network. Cybersecurity experts highlighted that RATs distributed via malicious APKs can enable attackers to intercept banking app credentials, SMS messages, one-time passwords (OTPs), and contact lists. This access allows unauthorized transactions and data exfiltration.
A researcher from Algoritha Security noted that threat actors frequently exploit trusted contacts’ phone numbers or social media profiles to trick victims into installing malicious software.
Police Advice and Ongoing Efforts
The police have advised the public to exercise caution when handling unsolicited application files. They emphasized verifying the legitimacy of APKs through official channels before installation. Authorities are collaborating with multiple agencies to identify those responsible and recover the stolen funds.
Case Significance and Conclusion
The case underscores the risks of downloading unverified applications and the importance of robust cybersecurity practices. Ongoing efforts aim to uncover the full scope of the attack and hold perpetrators accountable.
