Hyderabad police warn public against fake APKs stealing banking data

Hyderabad Police warn that fake Android apps shared through WhatsApp, SMS and social media are stealing personal and banking details. These apps copy official services, capture OTPs and even control phones. People are urged to avoid unknown links and report suspicious activity

Hyderabad: In view of the surge in fake APK (Android Package Kit) files being circulated through WhatsApp, SMS, Telegram, other social media platforms, and fraudulent websites, the Hyderabad Police have advised citizens to be wary while dealing with them. Cybercriminals are using these malicious applications to steal personal information, banking credentials, and OTPs, leading to large-scale financial losses.

According to the Cybercrime officials, fraudsters send masked links posing as official bank or government communication, often named as RTOChallan.apk, PMKisanYojana.apk, ElectricityBill.apk, HMWSSB.apk, Creditcard.apk, rewardpoints.apk and similar links.

---

The targeted persons are then urged to install these apps outside the Google Play Store under the guise of faster service or exclusive benefits. Once installed, these apps demand access to SMS, contacts, notifications and screen sharing, giving criminals visibility into the device.

Further, the malicious APK secretly captures OTPs, bank login credentials, credit or debit card details, and other personal data. Some APKs contain RAT (Remote Access Tool) capabilities, enabling fraudsters to operate the victim’s phone and execute unauthorised transactions.

Fake APKs are designed to mimic legitimate bank or government apps, making them appear trustworthy, officials said.

Police Advisory:

1. Never download APK files sent via links through SMS, WhatsApp, email, or social media, particularly those not from the official Google Play Store or authentic websites.

2. Avoid unverified links offering KYC updates, cash back, rewards, or government schemes.

3. Check app permissions and deny access if an app asks for sensitive permissions beyond its purpose.

4. Keep your phone secure with updated OS versions and reliable antivirus software.

5. Never share OTPs, PINs or passwords as no legitimate bank or government agency asks for these.

6. Stay updated by following advisories from CERT-In, RBI, and local cybercrime units.

Report suspicious activity immediately on the Cybercrime Helpline: 1930 or Online Complaint: cybercrime.gov.in