One click, Rs 9.4 lakh gone: Fake ‘pension plan’ APK file drains Pune teacher’s savings

“The complainant thought it to be a genuine message about some investment plan of a bank with retirement benefits, the complainant clicked the file after which it got downloaded to her phone. Within the next few minutes as many as five transactions were made from her account totalling Rs 9.44 lakh, leaving just Rs 198,” a police officer said, adding that the siphoned amount constituted a major chunk of her life savings.

The victim soon approached the bank and realised that cyber fraudsters had gained remote access to her phone and made transactions from her bank account.

She subsequently contacted the cybercrime police station, and after a preliminary inquiry, an FIR was registered at the Swargate police station on Saturday.

“A probe has been launched into the cell phone numbers and mule bank accounts used in the fraud,” said an officer from the Swargate police station.

Malicious APKs: A growing cyber fraud tool

Android Package Kit files with .apk extension are application files used to install apps on Android devices outside official app store platforms. Cyber fraudsters often disguise malicious APK files as bank updates, traffic challans, gas or electricity connection bill payment apps, pension plans, or government documents and trick victims into downloading them through messaging apps or SMS links.

Malicious APK files typically gain access by exploiting the permissions granted by the user during installation. Once the victim installs the app and allows permissions such as accessibility access, screen sharing, SMS access, or notification access, the malware can monitor activity on the phone, read OTPs, record keystrokes, and even control certain functions remotely.