It could possibly begin with a easy WhatsApp message carrying what seems to be a festive greeting. The message may urge customers to obtain an hooked up APK file to view customised needs and share them with associates. Nonetheless, inside hours, unsuspecting victims could discover suspicious exercise on their telephones – apps opening on their very own, contacts being accessed, and in some circumstances, even unauthorised financial institution transactions being carried out.
Cyber specialists defined that these malicious APK information are designed to silently take management of the system as soon as put in. Such cases spike throughout festive durations when individuals are extra prone to click on on unfamiliar hyperlinks or obtain information with out scrutiny.
The cyber wing of the Hyderabad police too not too long ago issued a public advisory warning residents to remain alert. The advisory cautioned that fraudsters are actively exploiting the festive season by circulating faux APK information and malicious hyperlinks via WhatsApp, SMS, and emails, concentrating on unsuspecting on-line customers and draining their monetary and private information.
What’s an APK file?
An Android Bundle Equipment or APK is a file used to put in functions in your smartphones, particularly on Android telephones, very similar to an .exe file on a Home windows pc. It accommodates every thing an software must work, all packed into one file.
Often, apps are downloaded safely from the Google Play Retailer. However APK information can be downloaded from different web sites or shared via apps like WhatsApp, SMS and even e mail. That is known as sideloading.
Whereas sideloading can generally be helpful, it’s dangerous. If the APK comes from an unknown or untrusted supply, it could comprise malware that may steal private info, entry your telephone, or trigger monetary loss. That’s the reason APK information ought to solely be put in if the supply is absolutely trusted, and ideally prevented altogether when acquired via messages or hyperlinks.
Indianexpress.com spoke to cyber specialists to know extra about how APK information goal unsuspecting customers and the way on-line customers can keep protected from these assaults.
Story continues under this advert
Cyber skilled and authorized marketing consultant Tushar Sharma, who’s the co-founder of The Group For Enlightenment & Training (TOFEE), defined how the rip-off reaches unsuspecting victims.
“The rip-off sometimes begins with a pleasant New Yr message on WhatsApp: ‘Glad New Yr 2025! Click on right here to see your particular greeting.’ Typically it comes from an unknown quantity, however typically it seems to be from somebody acquainted, a colleague, distant relative, or buddy. In lots of circumstances I’ve checked out, the attackers used compromised WhatsApp accounts to unfold the hyperlink, making the message appear reliable,” he mentioned.
“Clicking on the hyperlink leads the person to a festive webpage with animations, fireworks, or New Yr needs in Hindi and English. The positioning then prompts the person to obtain an app to ‘view’ the greeting. This app is just not from the Google Play Retailer. It’s an APK file hosted elsewhere, and that’s the lure,” Sharma mentioned.
Talking to indianexpress.com, Deepender Singh, a cyber skilled with the Betul police in Madhya Pradesh, mentioned earlier, APK information circulating on WhatsApp had been despatched utilizing easy government-sounding names akin to RTO Challan.apk, SBI Yojna.apk or KisanYojna.apk. “Out of worry or greed, individuals assumed it was a site visitors challan or a message associated to a authorities scheme and clicked on the APK,” he mentioned.
Story continues under this advert
“Nonetheless, as festivals like Christmas and New Yr method, fraudsters have modified their technique. The identical APK information at the moment are being shared beneath the guise of pageant, with names like New Yr Reward.apk, Christmas Greeting.apk or Final Yr New Yr Occasion Pics.apk, prompting individuals to click on with out pondering. The file names are chosen to make it look like a photograph or a memorable video despatched by somebody acquainted,” Singh added.
The fact, nonetheless, is that whether or not the identify refers back to the Regional Transport Workplace (RTO), the federal government, or a New Yr occasion photograph, the file accommodates the identical malware, he mentioned. “As soon as put in, it might probably take full management of the cell phone and put every thing from banking particulars to non-public information in danger. Due to this fact, my clear recommendation is that this: should you ever obtain an APK file on WhatsApp, don’t click on on it in any respect, it doesn’t matter what identify it comes with.”
What’s malware?
Malware, quick for malicious software program, is intrusive software program developed by cyber criminals to steal information or injury the system. Frequent malwares embody viruses, worms, Trojan viruses, spy ware, adware, ransomware, and many others.
What occurs after the APK is put in?
Sharma mentioned that when the app is put in, it requests permissions that make little sense for a greeting card:
– Entry to SMS messages
– Permission to learn notifications
– Entry to contacts and storage
Story continues under this advert
In reported circumstances throughout India, this entry has been used to:
– Learn OTPs despatched by banks and cost apps
– Monitor transaction alerts
– Take over WhatsApp accounts and resend the rip-off hyperlink
– Steal contact lists to broaden the assault
“In a single case from North India, a person put in a New Yr greeting app and observed a number of small UPI transactions inside hours. The malware had intercepted OTPs and allowed attackers to step by step take a look at and drain the account to keep away from detection. In one other occasion in a metro metropolis, a sufferer’s WhatsApp account started sending New Yr hyperlinks robotically to all contacts, together with household teams, turning one compromised telephone right into a distribution level for the rip-off,” Sharma knowledgeable.
Why this rip-off works effectively in India
There are a number of explanation why such assaults proceed to succeed, particularly in India, Sharma mentioned, whereas itemizing the next:
Excessive belief in WhatsApp: For a lot of Indians, WhatsApp is the primary communication platform for household, work, and banking alerts.
Story continues under this advert
Android dominance: Most smartphones in India run Android, the place APK set up could be misused if customers ignore safety warnings.
Festive distraction: Throughout New Yr celebrations, individuals are much less cautious and extra prone to click on hyperlinks rapidly.
Language localisation: Many rip-off pages use native languages and cultural references to appear genuine. The attackers don’t depend on refined hacking. They depend upon human behaviour.
Warning indicators individuals typically overlook
The warning indicators are often there in such scams, however are straightforward to overlook:
Story continues under this advert
– A greeting that can’t be considered with out putting in an app
– A hyperlink that clearly doesn’t belong to a well-recognized web site
– An app asking for SMS or notification entry ‘simply to point out a message’
What to do should you clicked the hyperlink
In the event you or somebody you already know could have fallen for this rip-off:
– Uninstall the suspicious app instantly
Story continues under this advert
– Disconnect the telephone from the web and run a trusted cell safety scan
– Change passwords for WhatsApp, e mail, and banking apps utilizing one other system
– Inform your financial institution and carefully monitor transactions
– Alert your contacts so that they don’t belief messages coming out of your quantity
– Register a cyber criticism on cybercrime.gov.in or name the cybercrime helpline 1930 or go to a neighborhood police station
Story continues under this advert
“Fast motion can drastically scale back the injury. A easy rule to recollect I typically inform family and friends one factor each New Yr, ‘No greeting wants an app.’ If a message needs you effectively however asks for permissions, downloads, or modifications to settings, it isn’t celebrating with you. It’s concentrating on you. As we welcome the New Yr, staying alert is simply as vital as staying linked. A second of warning can defend your information, your cash, and your peace of thoughts,” Sharma opines.
Keep protected on-line
As the world evolves, the digital panorama does too, bringing new alternatives in addition to dangers. With every passing day, scammers have gotten extra refined, exploiting vulnerabilities to their benefit. Keep tuned to our particular function sequence the place we delve into the newest cybercrime developments and supply sensible suggestions that will help you stay knowledgeable, safe, and vigilant on-line.