Lalitpur: A man in Uttar Pradesh’s Lalitpur district has allegedly fallen victim to a cyber fraud after downloading an APK file received from the mobile number of a person known to him. According to the complaint, the file gave cybercriminals remote access to his smartphone, allowing them to withdraw a total of ₹7.03 lakh from his bank account over several days. Police have registered the case and launched an investigation based on digital evidence.
According to the victim, he received an APK file nearly two months ago from the mobile number of an advocate known to him. Trusting the sender’s number, he downloaded and installed the file without suspecting any wrongdoing. Preliminary findings suggest that the APK contained remote access malware, which allegedly enabled cybercriminals to gain unauthorized control of his mobile device.
The complaint states that between July 4 and July 12, a total of ₹7.03 lakh was withdrawn from the victim’s Central Bank of India account through multiple transactions. The fraud came to light when the victim visited the bank to update his passbook. He subsequently filed a complaint on the National Cyber Crime Reporting Portal and also lodged a written complaint with the local cyber police station.
Investigators are examining banking transactions, the compromised mobile device, application installation records, IP logs and other digital evidence to determine how the malware was deployed. The investigation is also focused on identifying the command-and-control servers used by the attackers, tracing the flow of the stolen funds and determining whether the fraud was carried out by an organised cybercrime network.
Cybersecurity experts note that Remote Access Trojans (RATs) distributed through malicious APK files can give attackers extensive control over a victim’s smartphone. Such malware can access banking applications, SMS messages, one-time passwords (OTPs), contact lists and other sensitive data, enabling unauthorized financial transactions.
A Researcher at Algoritha Security said cybercriminals frequently misuse the mobile numbers or social media accounts of trusted contacts to convince victims to install malicious applications. The researcher advised users to verify the authenticity of any APK file before installation, avoid downloading applications from unofficial sources and install apps only through authorized app stores while keeping their devices updated with the latest security patches.
Police have urged the public not to download unknown APK files, suspicious links or unauthorized mobile applications. Authorities advised that anyone who becomes a victim of cyber financial fraud should immediately report the incident through the 1930 cyber helpline and the National Cyber Crime Reporting Portal so that prompt action can be taken to freeze suspicious transactions and preserve critical digital evidence.
Officials said the investigation is ongoing, and further legal action will be taken based on the digital, financial and technical evidence collected. Investigators are coordinating with multiple agencies to identify those responsible and trace the movement of the stolen funds.
