A Gumla businessman lost ₹2.99 lakh after opening a malicious APK file sent as a wedding invitation from a trusted WhatsApp contact. Police suspect the sender’s account was hacked and used to spread malware to contacts.

Trusted Contact Used To Send Malicious Wedding Invitation File

The420.in Staff

New Delhi: Cyber criminals are increasingly exploiting trust and emotions to execute financial frauds. In a recent incident from Gumla, Jharkhand, a businessman allegedly lost ₹2.99 lakh after opening a malicious APK file disguised as a wedding invitation received on WhatsApp from a familiar contact.

Trusted Contact Used As Trap

The victim, Shyam Agrawal, a businessman from SS High Road in Gumla, received what appeared to be a wedding invitation on WhatsApp from the number of an acquaintance. The message included an APK file.

Since the message came from a known contact, he did not suspect foul play and downloaded and opened the file. According to the complaint, the APK file allegedly enabled cyber criminals to gain unauthorized access to his Android device.

₹2.99 Lakh Drained Within Minutes

Within a short time, the fraudsters allegedly accessed sensitive banking information and fraudulently withdrew ₹2.99 lakh from the businessman’s bank account. After receiving transaction alerts, he realised he had been cheated and approached local police to file a complaint.

Preliminary investigation revealed that the WhatsApp account used to send the wedding invitation had already been compromised. The attackers were allegedly using the hacked account to send malicious APK files to contacts, relying on trust linked to a familiar phone number.

APK Files Pose Serious Risk

Cybersecurity experts say APK files are Android application installation packages. When downloaded from untrusted or unofficial sources, they may contain malware or spyware capable of stealing SMS messages, contacts, banking credentials, screen activity and other sensitive information.

Fake wedding invitations, courier tracking notifications, electricity bill reminders, KYC updates and government scheme messages are now commonly used to trick victims into installing malicious APK files.

Experts advise users never to download APK files received through WhatsApp, SMS, email or social media, even if they appear to come from a trusted contact. Mobile applications should be downloaded only from official app stores.

The case highlights how cyber criminals are exploiting human trust along with technological vulnerabilities. Police and cyber experts have advised users to verify suspicious messages by directly calling the sender before opening any attachment.
