The City Cyber, Economic and Narcotics (CEN) Police Station in Karnataka has launched an investigation into a cyber fraud in which 81-year-old Ishwarappa, a resident of Belagavi's Sadashiv Nagar area, allegedly lost ₹20,88,167 after fraudsters used malicious Android Application Package (APK) files to compromise his smartphone.
According to the complaint, money was withdrawn from three separate bank accounts.
Fraud Began After SIM Card Replacement
According to investigators, the victim replaced his damaged SIM card on June 25 through an authorised telecom service provider.
Police allege that shortly after the new SIM became active, the victim received three application files disguised as legitimate services.
The files reportedly appeared under names such as:
- Union Bank Update
- PM Kisan Yojana
- Member App
Believing them to be genuine applications, the victim allegedly opened the files.
Malware Allegedly Took Control of Mobile Device
Preliminary technical analysis indicates that the applications allegedly contained Remote Access Trojan (RAT) malware.
According to investigators, once installed, the malware allegedly obtained device permissions and enabled fraudsters to:
- Monitor mobile activity
- Capture login credentials
- Record keystrokes
- Access internet banking sessions
- Intercept One-Time Passwords (OTPs)
- Delete transaction alerts before they appeared
Police believe these capabilities enabled the accused to transfer funds without the victim immediately noticing the unauthorised transactions.
₹20.88 Lakh Traced Across Multiple Accounts
Following the complaint, cyber investigators began tracing the movement of the stolen funds.
According to police:
- Financial transaction trails are under examination.
- Suspected beneficiary accounts have been identified.
- Emergency requests have been issued to freeze accounts wherever possible.
- Digital evidence from the victim's mobile phone has been seized for forensic examination.
- Investigators are analysing IP addresses, hosting infrastructure and communication records connected with the malicious APK files.
Authorities are also coordinating with the National Cyber Crime Reporting Portal as part of the investigation.
APK-Based Malware Becoming a Growing Threat
Cybercriminals are increasingly using fake Android APK files instead of traditional phishing calls.
These applications often imitate:
- Banking updates
- Government welfare schemes
- Utility applications
- Telecom services
- Payment apps
Unlike official applications downloaded through trusted app stores, APK files received through SMS, WhatsApp or unknown links may install malware capable of taking control of a mobile device.
How Users Can Stay Safe
Mobile users should never install applications received through direct messages or unofficial websites.
Basic precautions include:
- Download apps only from official app stores.
- Never install APK files received through SMS or messaging apps.
- Disable installation from unknown sources.
- Keep mobile banking apps updated.
- Enable multi-factor authentication wherever available.
- Report suspicious banking activity immediately through 1930 and your bank.
Neither banks nor telecom operators normally distribute application updates through unsolicited messaging links.
Financial Record and Security Perspective
Cyber fraud involving banking malware can result in rapid movement of funds through multiple accounts before victims become aware.
Professional bookkeeping services in india help businesses monitor bank reconciliations, identify unusual financial transactions and maintain accurate financial records that support early fraud detection and stronger financial controls.
Conclusion
The Belagavi case highlights the growing threat posed by malware disguised as legitimate applications.
The investigation is continuing as police trace the financial trail, examine digital evidence and identify individuals behind the alleged cybercrime network.
Shunyatax Global Insight
Shunyatax Global says that malware attacks are increasingly replacing traditional phishing methods because they allow criminals to silently capture banking credentials and OTPs without repeated interaction with the victim. Organisations and individuals should strengthen mobile security, regularly review banking activity and adopt professional bookkeeping services in india to improve transaction monitoring and quickly identify unauthorised financial movements.