Ghaziabad Woman Loses Over Rs 6 Lakh in Sophisticated APK File Cyber Scam
A 41-year-old woman from Ghaziabad has become the latest victim of a sophisticated cyber fraud scheme after she mistakenly clicked on a malicious APK file that she believed was a traffic challan from the Regional Transport Office (RTO). The incident resulted in scammers hacking her smartphone and siphoning off more than Rs 6 lakh from her bank account in two separate transactions.
How the WhatsApp Scam Unfolded
Sahibabad resident Priyanka Kulshreshtha, who works at a private company, received an Android package kit file named "RTO CHALLAN 299 RS.apk" through WhatsApp on January 22. Believing it to be a legitimate communication from transport authorities, she accidentally clicked the link, which prompted her phone to install an application.
Eleven days later, on February 2, Kulshreshtha suddenly realized her phone had been compromised when she discovered two unauthorized transactions from her YES Bank account. "The first transaction was of Rs 2.5 lakh, and the second of Rs 3.7 lakh," she reported to authorities.
Police Investigation and FIR Registration
Additional DCP (cyber) Piyush Kumar Singh confirmed that an FIR has been registered at the Cybercrime police station against an unknown person under BNS section 318(4) for cheating, along with relevant sections of the Information Technology Act. Police have contacted the bank to obtain detailed information about the account where Kulshreshtha's money was transferred.
Authorities have also informed the bank about the fraudulent transactions and requested them to block her account to prevent further unauthorized access. According to police investigations, this malware scam is being actively spread through WhatsApp using files named to appear as legitimate government communications, particularly "RTO Traffic Challan.apk".
How the APK File Scam Operates
Cyber fraudsters are sending malicious APK files that are carefully named to appear legitimate or affiliated with government bodies. Once downloaded and installed, these files deploy malware on the victim's device that enables scammers to:
- Hack the smartphone completely
- Steal banking credentials and one-time passwords (OTPs)
- Monitor and spy on user activities
- Gain unauthorized access to financial applications
Police officials have confirmed that several victims have been cheated using this identical modus operandi, indicating an organized cybercrime operation targeting unsuspecting citizens.
Recent Similar Cases in the Region
This incident is not isolated. On January 19, Lakshman Singh Negi, a resident of Vaishali, reported that he had received an APK file on WhatsApp from an unknown number on January 14. After clicking the file, he received a call from someone posing as a bank official discussing internet banking services. Shortly afterward, Rs 15 lakh was siphoned off from his account.
In another case reported on November 24, 2025, a 68-year-old city resident was duped of Rs 5.6 lakh under the pretext of updating his bank account information. Just three days later, a retired government employee lost Rs 9 lakh to fraudsters impersonating bank officials.
Similarly, on November 16, a 72-year-old Noida resident had his bank account compromised after clicking an APK file sent via WhatsApp, demonstrating the widespread nature of this cyber threat across the National Capital Region.
Bank Warnings and Security Recommendations
Financial institutions have repeatedly warned customers against clicking suspicious links that typically claim to offer:
- KYC (Know Your Customer) updates
- Reward points or cashback offers
- Government notifications or challans
- Banking service alerts
Banks strongly advise users to avoid downloading unknown files, especially APK files from unverified sources, and to verify the authenticity of any communication claiming to be from financial institutions or government bodies through official channels before taking any action.
Cyber security experts emphasize that legitimate government communications never come through APK files on messaging platforms and that citizens should be particularly cautious of any file that prompts installation of applications, especially those claiming urgent action regarding financial matters.
