In a major crackdown on a sophisticated cyber fraud operation, Mumbai Cyber Police have arrested six accused for allegedly operating a malware-based scam in which malicious APK files were disguised as Mahanagar Gas Limited (MGL) payment alerts to gain unauthorized access to victims’ smartphones and siphon money from their bank accounts. Investigators have linked the accused to 3,206 cyber fraud complaints across the country involving an estimated ₹43 crore.
The arrested accused have been identified as Arif Ansari (28), Shaikh Naushad (28), Mehboob Alam (26), Mohan Mohanto (23), Sunil Soren (25), all residents of Jharkhand, and Sajid Ali (29) from New Delhi.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
According to the investigation, the accused allegedly created malicious APK files and circulated them as “MGL Gas Unblock” applications. Victims were contacted through messages claiming that their gas connection would be disconnected due to unpaid bills or were asked to make a token payment of ₹1 after downloading the APK file to restore services.
Police said that once the victim downloaded and installed the malicious application, the attackers gained remote access to the smartphone. They allegedly used that access to carry out unauthorized banking transactions, transfer funds, and withdraw money from victims’ accounts.
Investigators have so far traced 3,206 complaints linked to the accused across India, including 517 complaints from Maharashtra and 93 from Mumbai. The total financial loss associated with the racket is estimated to be around ₹43 crore. Authorities are continuing to examine digital evidence and financial trails to determine the complete extent of the fraud and identify additional victims and possible associates.
The investigation has also revealed that similar scams have witnessed a rise in recent weeks, with cybercriminals increasingly using fake messages relating to gas bills, traffic challans, electricity payments, and other civic services to trick users into downloading malicious APK or ZIP files.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh said cybercriminals are increasingly exploiting public trust in essential utility services by combining social engineering with Android malware. He noted that once a malicious APK is installed, attackers can gain extensive control over a device, intercept sensitive information, and execute fraudulent banking transactions. He advised citizens to download applications only from official app stores, never install APK files received through SMS, WhatsApp, or unknown links, verify payment requests directly with the concerned service provider, and immediately report suspicious activity to the national cybercrime helpline.
The investigation is continuing, with authorities analysing seized digital devices, financial records, and communication data to uncover the wider network behind the malware campaign and recover additional proceeds of crime.
