The Cyber Police Station of Delhi's South-West District has dismantled an organised interstate cyber fraud syndicate accused of targeting citizens through malicious Android Package Kit (APK) applications disguised as utility service alerts.
Following an extensive technical investigation, police arrested four key suspects and recovered 20 mobile phones, multiple digital devices, gold and silver ornaments, cash, and a vehicle. Investigators allege the group cheated victims by sending fake gas connection disconnection warnings and installing malware on their smartphones.
Fake Utility Alert Led to Mobile Takeover
According to investigators, the fraud came to light after a woman received a text message falsely claiming that her Indraprastha Gas Limited (IGL) connection would be disconnected unless immediate action was taken.
The message directed her to contact a customer support number. During the call, the fraudsters allegedly persuaded her to install a malicious APK file sent through WhatsApp.
Police allege that once the application was installed, the attackers gained remote access to her smartphone, allowing them to intercept banking credentials, authentication permissions and security controls.
Investigators said the syndicate subsequently carried out unauthorised transactions from the victim's bank accounts and credit cards, allegedly causing a loss of approximately ₹2.64 lakh.
Stolen Money Converted Into Electronics and Precious Metals
Authorities allege that the stolen funds were quickly used to purchase premium smartphones, gift cards and gold coins to reduce the traceability of the money.
Cyber investigators tracked the fraud by analysing the International Mobile Equipment Identity (IMEI) numbers of two smartphones purchased using the victim's compromised credit card.
Shipping records allegedly led investigators to a fictitious delivery address in Shaheen Bagh, Delhi, where police arrested a retail employee suspected of receiving fraudulently purchased electronics before forwarding them to associates in Kolkata in exchange for commissions.
Technical Investigation Uncovered Wider Interstate Network
Investigators further analysed WhatsApp communications, courier records and logistics data, leading to another arrest at Khidderpore in Kolkata, where a parcel receiver was apprehended.
Police allege that the wider network also relied on handlers in Jharkhand, who purchased fraudulently acquired electronic goods at discounted prices before disposing of them through illegal resale channels, including overseas buyers.
Authorities are continuing to examine digital devices, financial transactions and communication records to identify additional members of the network and trace the complete movement of stolen assets.
APK Malware Remains a Growing Cyber Threat
Cybersecurity experts warn that APK-based malware remains one of the most dangerous attack methods because it bypasses the security protections of official application stores.
Once installed, malicious applications can steal passwords, intercept OTPs, capture banking credentials and monitor sensitive personal information without the user's knowledge.
Experts advise citizens to download applications only from official app stores, avoid installing files received through WhatsApp or unknown links, and independently verify any urgent utility-related communication through official company websites or customer service channels.
Shunyatax Global Insight
The Delhi cyber fraud case highlights how organised cybercriminals continue to exploit social engineering, malicious mobile applications and interstate logistics networks to monetise stolen funds. As digital banking adoption increases, user awareness, secure mobile practices and rapid cybercrime reporting remain critical to preventing financial losses.
Stay connected with Shunyatax Global for trusted coverage of cybercrime investigations, digital security developments and law enforcement actions from India and around the world.