Mumbai Cyber Crime Branch has arrested six members of an interstate cyber fraud syndicate allegedly linked to 3,206 fraud complaints, losses of ₹43.25 crore, and a server database containing sensitive financial data of 8,609 victims across India.
The case began with a fake Mahanagar Gas message and a ₹10 payment request. Investigators later uncovered a much larger APK malware network operating across multiple states.
Fake Mahanagar Gas Message Triggered Probe
A Mumbai resident received a WhatsApp message allegedly posing as an alert from Mahanagar Gas Limited.
The message claimed that his gas connection would be disconnected unless he updated billing details immediately.
He was asked to download an APK file and pay ₹10.
After installation, the malicious application allegedly captured his banking information, resulting in a loss of ₹2.35 lakh.
Server Data Exposed Massive Fraud Network
Forensic analysis of Google Firebase and Hostinger servers allegedly used by the gang revealed alarming data.
Investigators found:
- Nearly 1.24 crore SMS records
- OTPs and banking alerts
- Financial messages
- Data linked to 8,609 victims
- Bank account details
- ATM card information
- PINs, CVV details and UPI IDs
Police also recovered 111 fake APK files impersonating banks, the RTO, Mahanagar Gas and other institutions.
Six Accused Arrested
The arrested accused have been identified as:
- Arif Astun Ansari (28)
- Shaikh Belal Naushad (28)
- Mehboob Naushad Alam (26)
- Sajid Mansur Ali (21)
- Mohan Kushal Mahto (23)
- Sunil Kumar Dashrath Soren (25)
They were arrested from Jharkhand and Delhi.
According to police, the accused included APK developers, distributors and operators involved in sending malicious files to victims.
3,206 Complaints Linked Nationwide
Investigators linked the network to 3,206 complaints across India.
Of these, 517 complaints were from Maharashtra and 93 were from Mumbai.
The findings have been shared with the Indian Cyber Crime Coordination Centre (I4C), and concerned state police departments have been notified.
WhatsApp and Telegram Used for Distribution
Investigators found WhatsApp groups, Telegram groups and Telegram bots allegedly used to sell and circulate fake APK files.
Server panel credentials, malicious URLs and package names linked to fraudulent applications were also recovered.
Police said the network followed a familiar pattern involving fake utility alerts, APK delivery through WhatsApp, OTP interception and remote banking access.
Public Safety Advisory
Citizens should never install APK files received through WhatsApp, SMS or unknown links.
Authorities advise users to:
- Download apps only from Google Play Store or Apple App Store
- Never share OTPs, ATM PINs or banking credentials
- Avoid opening ZIP files from unknown senders
- Verify utility bills only through official websites or apps
- Call 1930 immediately if suspicious transactions occur
Shunyatax Global Insight
The Mumbai APK fraud bust shows how cybercriminals are evolving from simple phishing calls to advanced malware-based financial theft. Fake utility messages, malicious apps, OTP interception and server-based data harvesting now pose a serious threat to ordinary users.
Early reporting through 1930 remains one of the strongest ways to freeze stolen funds and limit damage.
Stay connected with Shunyatax Global for verified updates on cybercrime, digital fraud, law enforcement and cybersecurity alerts.