Karnataka has recorded a steep rise in APK based cyber fraud during the first four months of 2026, with around 458 complaints reported by April and investigators warning that the number could cross 1,300 by the end of the year if the present trend continues.
Officials say the increase is close to 190 per cent and that senior citizens are among the most vulnerable targets.
How APK Fraud Operates on Smartphones
Cybersecurity experts describe APK fraud as one of the most dangerous forms of mobile based financial crime currently affecting Android users. APK, or Android Package Kit, is the file format used to install applications on Android devices. Investigators say fraudsters are exploiting this by sending fake links disguised as banking apps, KYC updates, electricity bill notices, courier delivery alerts, investment offers and government scheme notifications.
Once the user downloads and installs the malicious APK file, criminals allegedly gain unauthorised access to the device. Officials say these attacks often use remote access malware, screen sharing tools and spyware techniques to monitor mobile activity, capture OTPs, steal UPI credentials, access banking alerts and extract personal information.
In many cases, victims do not realise their phones have been compromised until funds are withdrawn from their bank accounts. That delay, investigators say, makes the fraud especially difficult to detect in its early stages.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
Senior Citizens Emerging as Key Targets
Authorities say elderly citizens are among the easiest targets in such cases. Fraudsters frequently impersonate bank representatives, government officials, insurance agents or technical support executives and persuade victims to install APK files on the pretext of security updates or KYC verification.
Officials believe limited technical awareness makes many users more likely to grant broad permissions to these malicious applications without understanding the risks involved. Sources indicate that several recent cases involved victims losing lakhs of rupees within minutes of downloading suspicious files.
A cyber analyst associated with the Future Crime Research Foundation said APK based fraud is more dangerous than traditional phishing because it can allow criminals to directly control a victim’s device. According to the expert, once such an APK is installed, attackers may gain access to screen recordings, messages, banking notifications and even device features such as microphones and cameras.
Authorities Call for Greater Digital Vigilance
Investigative agencies are now examining whether some of these cybercrime syndicates are linked to networks operating outside India. Authorities suspect that fake call centres, Telegram channels and social media advertisements are being used on a large scale to circulate malicious APK links.
Cybersecurity professionals have advised users not to download files or applications received through WhatsApp, SMS, Telegram or unknown social media links. Experts have recommended downloading apps only from official platforms such as the Google Play Store, disabling the Install from Unknown Sources option on Android devices, and enabling added security layers for banking applications.
Police and cyber cells have appealed to citizens to immediately report suspicious APK links, fake banking calls or screen sharing requests through the national cybercrime helpline 1930 or local cyber police stations. Officials say the growing use of digital payments and mobile banking is likely to make APK fraud an even bigger threat unless awareness and digital caution improve.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
