How fake apps .APK are used for financial fraud
CYBER SECURITY
1 SEPTEMBER 2025
- APK fraud is one of the fastest-growing cybercrime threats in the country today.
- The National Cyber Crime Reporting Portal has logged 12,47,393 different types of cases in the last six months.
- Parliament has been informed that there has been a 900% jump in cyber crimes between 2021 and 2025.
- These scams, driven by malicious Android Package Kit (APK) files, exploit public trust in digital systems while using sophisticated technical tools to stay undetected and operational across State lines.
- APK files on Android devices are much like .exe files on Windows computers; both are used to install apps, and both can be exploited by fraudsters to spread malware.
- Fraudsters build or source these apps to mimic the appearance and language of official portals, including government subsidy schemes like PM-Kisan, tax refund platforms, electricity boards, or banks asking for KYC updates.
- These fake apps are often circulated through social media platforms like WhatsApp, accompanied by convincing messages that urge users to act immediately.
- The fraudsters who circulate these APKs are rarely the ones who build them.
- Cybercrime officials estimate that 60 to 70% of malicious APKs used in India are developed locally by tech savvy masterminds in Delhi NCR, Meerut, Uttar Pradesh, Jamtara, and parts of Jharkhand.
- Jamtara city in Jharkhand is known as India’s “phishing capital” for being a hub of widespread cyber fraud scams that involve defrauding people of sensitive financial information through phishing techniques
- Fraudsters also use mule accounts and shell identities to pay for hosting and publishing on search engines.
