A 72-year-old senior cardiologist in Mumbai was defrauded of ₹9.49 lakh after falling victim to a sophisticated WhatsApp scam involving a malicious application file. The fraud began on April 8 when the victim received a message from an individual posing as a gas company official, claiming a bill from February 2026 was overdue. The sender threatened to disconnect the gas supply by 9:00 PM unless immediate action was taken. Despite the doctor stating the bill was paid, the fraudsters insisted on a system update and convinced him to install an Android Package (APK) file sent via the messaging platform.
Malicious application grants hackers full device access
Upon installing the APK file and making a nominal payment of ₹10 as instructed, the victim’s mobile device was compromised. Cybersecurity experts noted that such files allow malware to grant hackers complete control over a smartphone, including the ability to intercept text messages and banking credentials. Within minutes of the installation, the cardiologist received multiple one-time passwords and bank alerts as six unauthorized transactions were executed. The siphoned amounts ranged from approximately ₹74,523 to as high as ₹1.98 lakh, totaling a loss of ₹9,49,007.
Police investigation and rising threat of digital traps
The victim approached the local police and filed a complaint on the National Cyber Crime Reporting Portal after the perpetrators stopped responding to his calls. Preliminary findings suggest that the malware enabled the criminals to bypass security measures by accessing the victim’s banking applications directly. Authorities are currently working to trace the source of the messages and the destination of the stolen funds. This incident highlights a growing trend where cybercriminals utilize social engineering and technical tools to exploit the urgency and fear of their targets.
Expert warnings on social engineering and mobile security
Renowned cyber crime expert and former IPS officer Professor Triveni Singh warned that cybercriminals are increasingly combining social engineering with advanced technical tools. He noted that APK files are essentially digital traps that can completely compromise a user’s phone once installed. Experts like Professor Singh advise the public to avoid clicking on unknown links received through SMS or WhatsApp and to verify all claims through official company helplines. Reporting suspicious transactions immediately to the bank and the national cyber helpline is considered a critical step in mitigating the impact of such digital threats.
