A Lucknow businessman lost ₹52.31 lakh after fraudsters used a malicious APK file to gain access to his mobile device. Over 41 days, attackers siphoned funds through multiple transactions, highlighting growing risks from social engineering and unverified app downloads.

Cyber Breach Via APK File: ₹52.31 Lakh Drained In 41 Days, Major High-Tech Fraud Exposed

The420 Web Desk

Lucknow: A shocking case of cyber fraud has emerged from the capital city, where fraudsters allegedly siphoned off ₹52.31 lakh from a trading businessman’s bank account over a period of 41 days by sending a malicious APK file. The incident highlights how even a small lapse in digital caution can result in massive financial losses in today’s interconnected world.

According to the victim, Mohammad Salim, a resident of Ashbagh, the fraud began in January when he received a link on his mobile phone that appeared to be a normal message. Upon clicking the link, an APK file was automatically downloaded and installed on his device. Although he later deleted the application, the damage had already been done, as cyber criminals had successfully breached his phone’s security system.

Fraud Uncovered Weeks Later

The fraud came to light in March when Salim visited his bank to update his passbook. Bank officials informed him that multiple transactions had been carried out from his account between January 13 and February 23, resulting in a total withdrawal of ₹52.31 lakh. Shocked by the revelation, he immediately filed a complaint, prompting an investigation into the matter.

Preliminary findings suggest that the APK file contained malware, which allowed the attackers to monitor the victim’s mobile activities. Through this, they gained access to sensitive banking information, including login credentials and transaction details. The stolen funds were then transferred in small amounts to multiple accounts over several weeks, ensuring that the activity did not immediately raise suspicion.

How APK-Based Malware Enables Financial Theft

Cybersecurity experts explain that APK (Android Package Kit) files are application packages used to install apps outside official platforms like the Google Play Store. While they can be legitimate, files obtained from unverified sources often contain hidden malware or spyware. Once installed, such apps can grant hackers remote control over a device, enabling them to extract personal and financial data.

Social Engineering and Expanding Cyber Threats

Commenting on the case, renowned cybercrime expert and former IPS officer Prof. Triveni Singh said that modern cybercriminals increasingly rely on “social engineering” techniques to trap victims. “Fraudsters design links and files to appear trustworthy—such as wedding invitations, bank alerts, or official notices. The moment a user downloads such files, they unknowingly hand over control of their device to criminals,” he explained.

Investigators also noted that fraudsters operate with a high level of planning. They craft messages that seem urgent or familiar, increasing the chances that the recipient will click without verifying the source. Once the malicious file is installed, the device’s security layers are compromised, making it easier for attackers to execute financial fraud.

In a related incident from the Chowk area, another individual was duped of ₹51,000 after receiving a call from someone posing as an insurance agent offering policy renewal services. Such cases indicate that cybercriminals are continuously evolving their methods to exploit unsuspecting users.

Investigation Underway and Public Advisory

Experts emphasize that awareness is the first line of defense against such frauds. Users should avoid downloading APK files or clicking on links received via messaging platforms like WhatsApp unless they are from verified and trusted sources. Disabling auto-download features in mobile settings can also reduce the risk of unauthorized installations.

In case of any cyber fraud, victims are advised to immediately contact the national cybercrime helpline at 1930 or report the incident on the official government portal. Prompt reporting can significantly improve the chances of tracing and recovering the stolen funds.

The investigation into this case is ongoing, with authorities analyzing transaction trails, call records, and digital footprints to identify other members involved in the network. More arrests are expected as the probe progresses.

Overall, the Lucknow cyber fraud case serves as a stark reminder of the growing sophistication of digital crimes. It underscores the urgent need for stronger cybersecurity practices among users and more robust verification mechanisms to prevent such incidents in the future.