Delhi Police Trace Fraud Malware Supply Chain to Jamtara Developer

New Delhi | December 12, 2025:

What initially appeared to be a routine case of phone-based impersonation fraud has led Delhi Police to uncover a deeper layer of India’s cybercrime ecosystem - the developers who supply the digital tools enabling financial theft.

The case came to light after a Delhi resident reported losing ₹1.2 lakh in late July after installing what he believed was a legitimate “customer support” application. The fraud followed a familiar pattern: a caller posing as an electricity department official warned of an imminent power disconnection unless immediate action was taken.

The difference lay in the software. The Android Package Kit (APK) sent to the victim granted remote access to his smartphone, allowing fraud operators to navigate banking and payment applications in real time. Investigators traced the application’s digital fingerprints - including backend code and IP logs - to Deoghar, Jharkhand, where a 26-year-old man was arrested earlier this month.

The accused, Umesh Kumar Rajak, is alleged to have played a technical role in the fraud chain, supplying malicious software rather than directly contacting victims.

Police officials identified the application as a “fully undetected” (FUD) customer support APK - malware engineered to bypass antivirus detection and operating system safeguards. Once installed, such software can mirror a user’s screen, intercept one-time passwords, and silently authorise financial transactions without the victim’s knowledge.

Investigators said Rajak routinely modified the code to stay ahead of security updates issued by smartphone manufacturers and app developers. Each customised version of the malware was allegedly sold to fraud operators for approximately ₹15,000, highlighting how advanced cybercrime tools are now widely accessible at relatively low cost.

During the arrest, police seized three high-end Android phones believed to have been used for malware development, testing, and distribution. Digital logs recovered from the devices reportedly show how the applications were shared and payments received, offering investigators rare insight into the backend supply chain of cyber fraud.

Rajak hails from Jamtara, a district long associated with organised cybercrime operations ranging from phishing and fake call centres to digital extortion. Police described him as a BA graduate who operated on the technical periphery of this ecosystem, enabling fraud rather than executing it.

He has previously been named in cheating cases registered in Mumbai and Ranchi under provisions of the Bharatiya Nyaya Sanhita and the Information Technology Act. Law enforcement officials noted that cybercrime networks increasingly rely on such division of labour - with callers, developers, and money handlers operating from different locations - making them harder to dismantle through isolated arrests.

The Delhi Police said the investigation is ongoing and that digital evidence is being analysed to identify other fraud operators who purchased the malicious APKs, as well as additional victims whose losses may not have been formally reported.

Officials noted that while public advisories often focus on warning citizens against installing unknown apps, far less attention is paid to the underground market that designs and distributes such tools. Detecting these financial and technical linkages early, investigators said, requires robust forensic scrutiny and transaction analysis - an area where auditing services in India become crucial in uncovering hidden money trails and systemic misuse.

As smartphones increasingly mediate everyday financial activity, authorities warned that even inexpensive pieces of malicious code can quietly erode trust, drain savings, and sustain a nationwide shadow economy extending far beyond a single arrest in Jharkhand.
