Nagpur Cyber Alert: Wedding Invite APKs Steal Bank Data via Android Malware
Nagpur: Wedding APK Invites Hide Dangerous Android Malware

Residents of Nagpur are facing a sophisticated and emotionally manipulative cyber threat disguised as digital wedding invitations. Cyber criminals are now circulating malicious Android application packages (APKs) that look like festive e-invites but are designed to hijack devices and drain bank accounts.

How the Deceptive APK Scam Works

Unlike typical digital invites sent as images or PDFs, this new attack involves sending files with names like WeddingCard.apk or Shaadi_Invite.apk. When recipients receive the file, they are prompted to manually install it, believing it to be a simple wedding card. This action alone bypasses Android's primary security barriers, as the user is granting explicit permission to install from an unknown source.

Cyber expert Anup Dubey, speaking to TOI, highlighted that this method has become a highly dangerous malware delivery mechanism. The application, once installed, appears harmless but immediately begins its malicious activity in the background.

Silent Takeover and Financial Theft

The malware requests a series of permissions that seem routine for many apps, including access to SMS, contacts, and call logs. However, the most critical permission it seeks is for accessibility services. "The accessibility permission becomes the attacker's primary weapon," Dubey warned. This permission allows the hackers to read everything on the screen, click buttons remotely, monitor app usage, and, crucially, intercept UPI transactions in real time.

After installation, the app icon often vanishes. The malware then runs silently, establishes a connection with a remote command server, and starts harvesting sensitive data. It can even record the screen during financial transactions. Victims in Nagpur have reported unauthorized access to their bank accounts and rapid depletion of funds while their phone continues to function normally, delaying detection.
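
A triage check for the pattern described above, as an added example that is not part of the original report: it parses the output of two adb commands and flags third-party apps that did not come from a trusted store, ranking those that hold an enabled accessibility service first. The package names, the sample outputs, and the trusted-installer allowlist are constructed assumptions, and the exact output format can vary between Android versions.

```python
import re

# Assumption: installers treated as trusted app stores; extend for your devices.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -3 -i` output.
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.weddingcard  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""

# Constructed sample of
# `adb shell settings get secure enabled_accessibility_services` output.
SAMPLE_A11Y = ("com.example.weddingcard/.InviteService:"
               "com.example.bank/com.example.bank.AssistService")

def parse_packages(text):
    """Map package name -> installer (None when the device reports 'null')."""
    apps = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", text, re.M):
        apps[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return apps

def parse_a11y(text):
    """Return the packages that own an enabled accessibility service."""
    text = text.strip()
    if not text or text == "null":
        return set()
    # Entries are colon-separated components of the form package/ServiceClass.
    return {comp.split("/", 1)[0] for comp in text.split(":") if comp}

def triage(packages_text, a11y_text):
    """List apps from untrusted installers; accessibility holders rank first."""
    a11y = parse_a11y(a11y_text)
    findings = []
    for pkg, installer in parse_packages(packages_text).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # store-installed apps are out of scope for this check
        level = "HIGH" if pkg in a11y else "REVIEW"
        findings.append((level, pkg, installer))
    # "HIGH" sorts before "REVIEW"; ties are ordered by package name.
    return sorted(findings, key=lambda f: (f[0], f[1]))

if __name__ == "__main__":
    for level, pkg, installer in triage(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"{level:6} {pkg} (installer: {installer})")
```

Because the app icon may vanish after installation, this listing is taken from the package manager rather than the launcher, so a hidden app still appears in it.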

Challenges in Investigation and Recovery

DCP Lohit Matani, in-charge of the Nagpur cyber cell, confirmed that multiple such complaints have been registered in the city. He emphasized that while the methods of attack evolve, the core concept remains exploiting trust. "Whenever we receive a complaint, the earlier it comes in, the better," Matani stated. The response involves first completely removing the malware from the infected device and then attempting to track the financial trail to recover lost money, though delays severely reduce the chances of recovery.

Anup Dubey explained that the attack often follows a pattern: initial infection and data theft, followed by financial fraud, download of additional malicious payloads, and finally, in some cases, the phone being locked with a ransomware demand. Tracing these crimes is complex due to the use of offshore servers, proxy networks, and cryptocurrency payments, though some operations have domestic handlers using international infrastructure.

The emotional hook of a wedding invitation, which evokes curiosity and warmth, is what makes this scam particularly effective. It lowers digital vigilance, turning a single tap into a gateway for significant financial and personal data loss. Authorities urge users to be extremely cautious of any file, especially APKs, received from unknown or even familiar contacts, and to never enable accessibility services for unfamiliar applications.