PRAYAGRAJ: As wedding invitations circulate across Uttar Pradesh, cybercriminals have found a new opening. A simple .APK file disguised as a digital wedding card has become the latest tool for draining bank accounts, leaving victims confused, exposed, and unsure of how their phones were infiltrated so easily.
A New Front in India’s Expanding Cybercrime Landscape
When a wedding season arrives in northern India, mobile phones buzz constantly with messages, images, and digital invitations from friends and extended family. This year, that familiar rhythm is being exploited in an unsettling and increasingly organized fashion. Across districts in Uttar Pradesh, cybercriminals have been sending malicious .APK files masquerading as digital wedding cards — a strategy that has quietly siphoned money from unsuspecting residents.
In several recent incidents reported to the cybercrime police, victims said the fraud began with an innocuous WhatsApp message from an unknown number. The sender introduced the attachment as a marriage invitation and encouraged its download. For many, the file appeared harmless; some recipients even assumed it came from a distant relative or acquaintance.
Within hours of downloading the file, their phones malfunctioned. Notifications soon followed: unauthorized withdrawals from their bank accounts, sometimes in multiple tranches, often amounting to tens of thousands of rupees. Police officials say the pattern has now repeated across multiple towns over the past month, prompting warnings urging the public to avoid downloading unfamiliar .APK files — the Android package format that can install applications directly onto devices
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
A Single File That Opens the Door
In Prayagraj, two residents collectively lost ₹76,000 after receiving identical messages bearing the same file extension. One of them, Sunil Yadav, a hotel operator in Rajapur, told investigators that a wedding card appeared on his WhatsApp on November 10. Its stylized design, common during the festive season, seemed genuine enough. Yadav assumed it had been forwarded by someone he knew.
What followed mirrored other cases: shortly after opening the file, his phone began to behave strangely. Hours later, he received text alerts notifying him of withdrawals he had not authorized. By then, the attackers had already gained remote access.
In a separate incident, a resident of Tagore Town said a similar invitation appeared on November 15 after he had shared documents online. The next morning, he discovered that ₹34,347 had been debited from his account. He never learned who had sent the link.
According to investigators, the .APK file installs a hidden application, giving cybercriminals silent control over the device including OTP access, keystrokes, and sensitive banking details. Once inside, they typically operate quickly, sometimes completing the extraction within minutes.
A Pattern Spreading Quietly Through the City
Police officials describe the emerging scheme as deceptively simple and disturbingly effective — exploiting social norms, seasonal habits, and the public’s trust. Over the past month, several cases of fraud linked to digital invitations and vehicle-related APK files have been reported. The victims nearly always describe the same sequence of events: an unfamiliar number, a forwarded file, and sudden unauthorized transactions.
What concerns law enforcement is how seamlessly the attackers blend into the fabric of everyday communication. In India, where digital convenience has outpaced digital literacy, personal and professional exchanges often rely on quick file-sharing over WhatsApp. Attachments that might raise suspicion elsewhere wedding cards, documents, receipts are part of routine interactions.
Cybercrime officials say the attackers understand this well. Many of the fraudulent messages are crafted in colloquial Hindi, often using names or terms that feel familiar. In some instances, the wedding cards included names the recipient recognized possibly scraped from earlier digital interactions.
Authorities Respond as the Threat Evolves
The cybercrime police have issued repeated advisories urging citizens to avoid downloading any .APK file unless they can verify its source. “Before downloading any unknown file, especially those in .APK format, people must examine whether the sender is legitimate,” an officer said. The department has emphasized that cybercriminals are now hacking phones not through sophisticated malware alone but by leveraging social behavior.
Investigators say the fraud has intensified during the wedding season, a pattern they expect to continue unless awareness increases. For now, the cases under investigation point to a network that is adaptive, opportunistic, and increasingly familiar with the vulnerabilities of smartphone-dependent households.
