Vasco: Cyber fraudsters have cheated two local residents of more than ₹4 lakh through malicious APK files circulated via fake banking alerts and bogus traffic e-challan messages. In both cases, FIRs have been registered at Vasco da Gama, with Goa Police launching parallel investigations.
According to officials, the victims were persuaded under different pretexts to download APK files from unknown sources. Once installed, remote-access malware embedded in the applications became active, allowing the fraudsters to take control of the smartphones. Soon after, multiple unauthorised digital transactions were carried out from the victims’ bank accounts.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
In the first case, a Mundvel resident received a call from a man posing as a bank official, who claimed there was a technical issue with the account. The caller shared an APK link and urged the victim to install it immediately to “resolve” the problem. Within minutes of installation, ₹2.30 lakh was siphoned off through a series of online transfers.
In the second incident, another Vasco resident was targeted with a message claiming to be an official RTO e-challan notice. Believing it to be a legitimate traffic fine alert, the victim clicked the link, triggering an APK download. Soon after the app was installed, suspicious activity began on the phone, and ₹1.83 lakh vanished from the linked bank account.
Cyber investigators said both APK files contained remote-access tools that enabled criminals to monitor screens, intercept OTPs and initiate transactions in the background—often without triggering immediate alerts on the victim’s device.
Police have seized bank statements, IP logs and mobile data in both cases and begun analysing the digital money trail. Officials said identifying beneficiary accounts will help determine whether the incidents are connected to a larger interstate cybercrime network.
Senior officers noted that APK-based fraud is rapidly emerging as a preferred tactic for cyber gangs, as such files bypass official app-store security filters. Victims are typically pressured with urgent messages from imposters posing as banks, transport authorities or service providers, pushing them to act quickly without verifying links.
Authorities have urged citizens not to download apps from unknown sources, avoid clicking suspicious links received via SMS, WhatsApp or email, and keep the “install from unknown sources” option disabled on their phones. Police reiterated that banks and government departments never ask users to install APK files or share confidential information over phone calls.
Residents were also advised to immediately inform their bank and report incidents on the national cybercrime portal if they notice any unauthorised debits. Officials said early reporting significantly improves the chances of freezing fraudulent transfers.
Investigators warned that in APK scams, a single click can hand over complete control of a smartphone to criminals, giving them direct access to banking apps and personal data. Both FIRs remain under investigation, and further action—including arrests—is expected as technical analysis progresses.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
