Delhi Police Arrest Ten in Rs 26 Lakh Cyber Fraud, Uncovering Malicious APK and Bank Impersonation Tactics
In a significant crackdown on cyber fraud, the Delhi Police Cyber Cell apprehended ten individuals following a complaint lodged at the Cyber South West Police Station. This operation successfully addressed four distinct cyber fraud cases, revealing a sophisticated scheme that employed various tactics to unlawfully access victims’ bank accounts. The accused utilized malicious APK files sent via WhatsApp, impersonated bank and utility officials, and employed remote-access techniques to gain complete control over victims’ mobile devices.
Modus Operandi of the Fraudsters
The fraudsters followed a consistent and deceptive approach. They posed as bank officials or representatives from utility services, reaching out to victims under various pretexts, including assistance with senior citizen cards, credit card KYC verification, and traffic challans. Victims were coaxed into downloading malicious APK files sent through WhatsApp. Once these files were installed, the malware provided the fraudsters with access to internet banking credentials and one-time passwords, enabling them to siphon funds directly from the victims’ accounts.
The Indian Cybercrime Coordination Centre has previously issued warnings that once a malicious APK file is installed, hackers can gain control of the device and drain bank accounts within minutes. The recent operation in Delhi exemplifies this threat, illustrating how a deceptive message can lead to completed financial fraud in a matter of moments, requiring little technical knowledge from the victims.
Breakdown of Significant Cases
Among the cases investigated, one stood out as particularly alarming. A senior citizen lost Rs 18.50 lakh after being targeted by fraudsters who impersonated bank officials. They offered assistance in obtaining a senior citizen card and sent a forged identity document to establish credibility. After persuading the victim to install a malicious application, the fraudsters accessed the victim’s account and withdrew the funds through mule bank accounts.
The investigation led to the arrest of the alleged kingpin, Manjoor Alam, along with five associates responsible for organizing the mule accounts used to facilitate the transfer of the stolen funds. Additional arrests included Ravindra Kumar Mandal, linked to a Rs 1.01 lakh credit card KYC fraud; Ramvijay Kumar Das, involved in a fake M-Parivahan challan malware scam amounting to Rs 1.09 lakh; and Ankit Kumar and Golu Kumar, who were implicated in a fake BSES electricity officials’ scam resulting in a loss of Rs 6.31 lakh.
Authorities recovered 14 mobile phones, a laptop, digital evidence, and a Mahindra Thar Roxx SUV, which is believed to have been purchased with the proceeds of crime. The presence of a luxury vehicle among the seized assets indicates a syndicate generating substantial returns from its operations.
Shared Infrastructure Across Multiple Frauds
A common thread linking these otherwise distinct cases is the shared infrastructure utilized by the accused. The police reported that the syndicate operated by circulating SIM cards, mobile phones, mule bank accounts, UPI IDs, and internet connectivity among its members to execute fraud across multiple states. This collaborative operational model, where different members contribute specific resources rather than running independent operations, is a hallmark of organized cyber fraud networks.
The connection to Jharkhand is particularly noteworthy. The Jamtara region has been repeatedly identified as a hotspot for APK-based cyber fraud, with criminals evolving from basic phone-based OTP scams to more advanced malware operations. The interstate nature of the Delhi operation, with raids extending to Jharkhand to apprehend the alleged kingpin, underscores that even urban cyber fraud cases often have roots in established criminal networks.
APK files that impersonate services such as bank KYC portals, RTO e-challans, and electricity bill update services have been developed and sold to other fraudsters via Telegram bots. Individual developers reportedly supply malicious software to hundreds of criminal operators across the country. What may appear to a victim as a single fraudulent message could be the culmination of a supply chain involving developers, distributors, callers, and account handlers operating across state lines.
Ongoing Investigations and Future Implications
Investigations are ongoing to identify additional members of the network and ascertain the full extent of the fraud operation. The recovery of a vehicle linked to criminal proceeds also opens potential avenues for attachment proceedings under money laundering laws.
For victims, these cases highlight a well-documented pattern: APK files disguised as legitimate services and delivered through WhatsApp remain one of the most effective tools for cyber fraudsters to compromise mobile phones, steal credentials, and drain bank accounts. Authorities consistently advise against downloading APK files from unofficial sources, regardless of the sender’s apparent identity or the urgency of the accompanying message.
For further details on this operation, refer to the original reporting source: the420.in.


