Beware of Fake Customer Care! Gang Stealing Money via Malicious APKs Arrested in Bihar

Mumbai, April 22, 2026 — In a major crackdown on cybercrime, the Mumbai Police has successfully arrested three individuals from Bihar who were allegedly running a massive online fraud network. The gang specialized in hacking mobile phones and draining bank accounts by tricking unsuspecting victims into downloading malicious APK files.

The arrests come after a surge in complaints over the past month, revealing a highly organized syndicate that was exploiting public panic and essential service disruptions.

Exploiting the Gas Shortage

According to the Mumbai Police, the fraudsters recently capitalized on a localized gas shortage. They sent text messages and WhatsApp links to desperate consumers, promising quick gas cylinder bookings or customer support.

To avail these “services,” victims were instructed to download a specific APK (Android Application Package) file. These files were often disguised as official apps for various banks, customer service portals, or utility providers.

How the Modus Operandi Worked

Once a victim installed and opened the fraudulent APK file, the malicious software would secretly execute in the background. The app would immediately grant the fraudsters remote access to the victim’s smartphone, including their SMS inbox.

With full control over the device, the cybercriminals could easily intercept One-Time Passwords (OTPs) and banking alerts, allowing them to siphon off funds from the victim’s accounts seamlessly. In most cases, the victims only realized they had been robbed long after the transactions were completed.

A Syndicate Supplying Call Centers

The investigation has uncovered that the three arrested men from Bihar were not just petty thieves, but developers and suppliers of malware.

Police revealed that the accused were actively creating these sophisticated, fake APK files and selling them in bulk to various illicit call centers operating across the country. These call centers would then use the malware to conduct large-scale cyber frauds.

Recent High-Profile Victim

The severity of this specific APK scam was highlighted earlier this month when a sitting judge fell victim to a similar modus operandi.

On March 30, the judge encountered a technical issue with a mobile phone and searched online for a Samsung customer care number. Upon calling a fraudulent number found online, the scammer posing as a support executive sent an APK file via WhatsApp under the guise of providing a “technical fix.” Shortly after installing the file, the judge lost ₹93,000 from their bank account.

The Mumbai Police stated that the interrogation of the three accused is currently underway. Authorities are confident that their arrest will lead to the unraveling of a much larger network and the resolution of several other pending cyber fraud cases linked to these malicious APKs.