Remote-Access Malware Tied to ₹1.2 Lakh Delhi Fraud Case

Delhi Police Trace Fraud Malware to Jamtara Developer

The420 Correspondent

When a Delhi resident reported losing ₹1.2 lakh after installing what appeared to be a routine “customer support” application, investigators initially treated the case as another instance of phone-based impersonation fraud. The call, placed in late July, followed a familiar script: a man posing as an electricity department official warned that power would be cut unless immediate action was taken.

What distinguished the case was not the deception, but the software. The application sent to the victim—an Android Package Kit, or APK—granted remote access to his phone, allowing unseen operators to navigate banking and payment apps in real time. Tracking the digital fingerprints embedded in the file, Delhi Police followed a trail of IP logs and backend code to Deoghar, in Jharkhand, where a 26-year-old man was arrested earlier this month.

The suspect, Umesh Kumar Rajak, is accused not of making the fraudulent calls himself, but of supplying the technological tool that made them possible.

Inside the Anatomy of a ‘Fully Undetected’ App

According to investigators, the application was a so-called FUD, or “fully undetected,” Customer Support APK—a class of malware designed to evade antivirus scans and operating system safeguards. Once installed, such software can mirror a user’s screen, intercept one-time passwords and silently authorise transactions.

Police officials say Rajak regularly modified the code to keep it ahead of security updates rolled out by handset manufacturers and app stores. Each customised version was allegedly sold to fraud operators for around ₹15,000, a modest sum that underscores how accessible sophisticated cybercrime tools have become.

Three high-end Android phones seized during the arrest are believed to have been used for development, testing and distribution. Investigators say the devices contain logs showing how the malware was shared and payments were received, offering a rare glimpse into the supply chain behind everyday digital fraud.

Jamtara and the Business of Cybercrime

Rajak hails from Jamtara, a district whose name has become shorthand for cyber fraud in India. Over the past decade, the region has been linked to call-centre scams, phishing operations and digital extortion rings that target victims across the country.

Police describe Rajak as a BA graduate who operated on the periphery of this ecosystem, providing technical infrastructure rather than direct contact with victims. He has previously been named in cases registered in Mumbai and Ranchi, under cheating provisions of the Bharatiya Nyaya Sanhita and the Information Technology Act.

Law enforcement officials say this division of labour—callers in one location, developers in another, and money mules elsewhere—has made cybercrime networks harder to dismantle, even when individual arrests are made.

A Wider Network Still Under Scrutiny

The Delhi Police say the arrest is only a starting point. Investigators are now analysing digital evidence to identify other fraudsters who purchased the malicious APKs, as well as victims whose losses may never have been formally reported.

The case highlights a broader challenge for authorities: while public awareness campaigns often focus on warning citizens not to click suspicious links or install unknown apps, far less attention is paid to the underground market that produces and refines such tools.

As smartphones become central to everyday financial life, officials warn, even small, inexpensive pieces of code can have outsized consequences—quietly transferring money, eroding trust and sustaining a shadow economy that stretches far beyond a single arrest in Deoghar.