A WhatsApp message from an unknown sender shows you an Android Application Package (APK) file named ‘PM Kisan update’, ‘PM Kisan eKYC update’, ‘PM Kisan registration form’, or a similar variant. There is no accompanying message explaining the purpose of the file, and out of curiosity, you tap to download it. A few moments later, you realise your bank account has been emptied and panic sets in.
How does a random file harm your device and expose crucial information to cybercriminals? Scamguard has been monitoring APK file scams since the beginning of 2025 and has observed how scammers continue to target people with such malicious files using various tactics. A scammer may pretend to be a bank official and convince you to download an APK file to update your KYC, or a fake e-challan or utility bill might arrive in your inbox.
We break down the latest APK scam, which steals personal data and siphons money into scammers’ accounts.
File Distribution: An APK file is shared on WhatsApp by an unknown number, often framed as a government notification. The file name suggests that it is a government scheme registration link or a form to be updated by scheme beneficiaries in order to receive their next payment.
Download Initiated: To view the file's content, an unsuspecting victim taps the download button, causing the APK file to be downloaded and installed. The file can evade detection by security tools on your device.
Device Malfunction: In a reported case, after the malicious file was installed on a victim’s phone, it shut down immediately, and shortly afterwards, money was transferred from their bank account.
Device Hijack: In other cases, the installed file requests broad permissions on the phone (access to messages, contacts, calls or other features). This allows cybercriminals to remotely access your phone and intercept SMS messages and notifications, such as OTPs for transactions. They might also install spyware such as keyloggers that record every keystroke you make, which can expose your passwords and personal details.
Withdrawal: Armed with your banking details and SMS access, scammers can empty your accounts and further distribute the APK file to your contacts.
Receiving an APK file or a link from an unknown source or an unverified sender.
Apps demanding permission to access SMS, contacts, or install other apps on your device.
Device glitching, heating up, or shutting down after you’ve installed the file.
Receiving banking alerts you did not initiate or texts sent from your phone to your contacts without your knowledge.
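For readers who triage a suspicious APK on a computer rather than a phone, the permission red flag above can be checked before the file is ever installed. The following is an added example, not part of the original article: it assumes the text output of `aapt dump permissions <file.apk>` (Android SDK build tools) has been saved, and the grouping and the "high" threshold are illustrative assumptions, not an official rule.

```python
import re

# Permission groups the article flags: SMS, contacts, calls, installing other apps.
RISKY = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "calls",
    "android.permission.CALL_PHONE": "calls",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install_other_apps",
}

# Matches both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def risky_groups(dump: str) -> dict:
    """Return {group: sorted permission names} for flagged permissions in the dump."""
    found = {}
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m and m.group(1) in RISKY:
            found.setdefault(RISKY[m.group(1)], set()).add(m.group(1))
    return {g: sorted(p) for g, p in found.items()}

def verdict(dump: str) -> str:
    """Assumed heuristic: SMS access plus any other flagged group is 'high'."""
    groups = risky_groups(dump)
    if "sms" in groups and len(groups) > 1:
        return "high"
    return "review" if groups else "none-flagged"

# Constructed sample output, not taken from a real APK.
SAMPLE = """package: com.example.formupdate
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
"""

if __name__ == "__main__":
    print(verdict(SAMPLE), risky_groups(SAMPLE))
```

A "form" or "update" file that asks for SMS access together with contacts or the ability to install other apps has no legitimate reason to do so and should not be installed.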
Verify: Do not download any unknown files on your phone. Only rely on the government’s official communication channels for information regarding schemes and their updates.
Review: After installing any app, ensure you carefully review the permissions it asks for. Deny access to your SMS inbox, contacts, or other features, and do not permit it to install any additional apps on your device.
Disconnect: If you’ve installed a malicious file or app, turn off your mobile data and Wi-Fi to block further communication between the app and the scammer’s server. This step can help slow or stop unauthorised activity.
Uninstall: Find the app via ‘Settings’ and uninstall it immediately. If you are unable to find it, restart your phone in Safe Mode or opt for Factory Reset (after backing up your data).
Notify: Alert your bank about the incident and potential threat, even if no money has been taken from your account. Request that they block or freeze your account(s) and cards until further notice. Change your net banking password and mobile banking password/PIN.
Report: Report the incident promptly through the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call their helpline at 1930. You can also file a complaint at your local police station. Ensure that you gather relevant evidence to support the investigation.
Update: Always keep your device and apps updated to patch any vulnerabilities.
Share: Inform your circles and communities about the scam and ask them to be cautious of any such alerts.
The Quint's Scamguard initiative aims to keep up with emerging digital scams to help you stay informed and vigilant. If you've been scammed or successfully thwarted one, then tell us your story. Contact us via WhatsApp at +919540511818 or email us at myreport@thequint.com. You can also fill out the Google form and help us take your story forward.