A new wave of cyber fraud involving fake e-challan messages and malicious Android applications has prompted authorities to issue a nationwide advisory, warning users against downloading suspicious APK files that can compromise personal and financial data.
The campaign primarily targets Android users through SMS, WhatsApp, and other messaging platforms, where victims receive messages claiming pending traffic violations along with a link or APK file disguised as an official government app.
Malware Disguised As Government App
According to cybersecurity experts and government advisories, the fraud typically involves a fake e-challan or mParivahan app APK file. Once installed, the malware can gain extensive permissions on the device, including access to:
- SMS and OTPs
- Banking and financial apps
- Contacts and stored data
Such malicious apps are capable of bypassing security safeguards and enabling unauthorised transactions.
In several cases, these apps act as spyware or remote access tools, giving fraudsters near-complete control over the victim’s smartphone.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
How The Scam Operates
The typical modus operandi includes:
- Victim receives a message about a traffic violation or pending challan
- A link or APK file is provided to “view” or “pay” the fine
- Upon installation, the app silently installs malware
- Fraudsters intercept OTPs and execute financial transactions
Authorities have clarified that legitimate e-challan notifications are never sent via personal numbers or APK downloads, and should only be verified through official government portals.
Rapid Spread Of APK-Based Cyber Frauds
Cybercrime units across India have reported a surge in such APK-based frauds, where malicious files are disguised as:
- Traffic challans
- Government schemes
- Utility bills or documents
These files often auto-install and immediately compromise the device, allowing attackers to siphon funds or hijack accounts.
Experts note that Android devices are particularly vulnerable since APK files can be installed outside official app stores.
Government And Police Advisory
Authorities have issued clear safety guidelines for users:
- Do not download APK files from unknown sources
- Avoid clicking on suspicious links in SMS or WhatsApp
- Verify challans only via official portals like Parivahan
- Install apps only from trusted platforms like Google Play
- Report fraud immediately via helpline 1930
Users are also advised to check app permissions carefully and avoid granting unnecessary access to unknown applications.
The rise of such malware campaigns reflects a broader trend in cyber fraud, where attackers combine social engineering with mobile malware to target users at scale.
With increasing dependence on smartphones for banking and payments, even a single malicious download can lead to significant financial losses.
A Critical Need For User Awareness
Authorities emphasise that awareness remains the first line of defence against such attacks. As fraudsters continue to exploit trust in government systems, users must remain vigilant and rely only on verified digital platforms.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
