Cybercrime in India: Malicious APKs and Social Engineering

• Bhargavi Mani lost nearly ₹1 lakh while trying to book lounge access at Bengaluru airport.
• The scam was executed after Mani downloaded an APK that looked like a regular app, shared via a WhatsApp chat from an international number.
• The malicious APK functioned after Mani clicked on a link that granted screen mirroring access to a supposed customer care adviser during a video call.
• Mani noticed an unauthorised transaction of ₹87,125 to a PhonePe account. Additional transactions were denied due to the card reaching its spending limit.
• Cybercriminals used Big Tech platforms, such as a fake website, “Loungepass.in,” which was one of the top results on Google.
• The malicious APK worked by enabling call forwarding, allowing scammers to receive OTPs for transactions via phone banking.
• The website used to lure Mani into downloading the malicious app has been taken down.
• In 2023, Indian citizens lost ₹66.66 crore in 4,850 reported cases of online scams.
• India ranked fifth globally in the number of breached accounts in 2023, with 5.3 million leaked accounts.
• Users are advised to tread with caution when clicking on unverified links, downloading new apps, and scanning QR codes.