Top News

Cyber fraud cases are rising rapidly across the country, and scammers continue to develop new methods to trap unsuspecting users. In response to the increasing number of digital theft incidents, the State Bank of India (SBI) has issued a strong advisory urging customers to be extremely cautious. According to SBI, fraudsters are sending fake messages claiming KYC updates, account blockage alerts, refund approvals, or loan verification requests. These messages contain a link that leads users to download a harmful APK file, which eventually gives scammers full access to their mobile device.

SBI has cautioned that installing such malicious applications can compromise sensitive data and even lead to complete drainage of your bank balance. The bank has appealed to customers not to click on unknown links under any circumstances.

What SBI Has Explained in Its Advisory

SBI revealed that cybercriminals are circulating APK files disguised as legitimate banking applications. Once these files are installed, scammers can remotely monitor and control the entire smartphone. Through this illegal access, they can reach:

• Mobile camera and microphone

• Photo and file gallery

• Location services

• Banking applications

• Saved passwords

• SMS inbox and OTPs

With such deep access, fraudsters can transfer money from a victim’s bank account within minutes. SBI has warned that these APK links are extremely dangerous and must never be downloaded.

The bank further advised customers to download banking apps only from official platforms, such as the Google Play Store or Apple App Store. If any suspicious incident occurs, customers should immediately lodge a complaint by calling 1930 or report it through cybercrime.gov.in, instead of hiding the matter out of embarrassment or fear.

What Exactly Is an APK File?

An APK (Android Package Kit) is the standard installation file used to install apps on Android devices. While genuine APK files are safe when downloaded from trusted sources, criminals are now distributing modified APK versions that are embedded with malware.

As soon as these fake APK files are installed, the malware activates silently in the background. It allows criminals to monitor every activity on the device, including keystrokes, screen activity, and banking transactions. Because the malicious APK appears legitimate, many users unknowingly install it and fall victim to cyber fraud.

SBI has clearly stated that any message prompting users to download such files should be treated as a red flag.

Common Messages Used by Scammers

Many customers have reported receiving messages such as:

• “Your bank account will be closed soon. Update KYC immediately.”

• “Your bank verification is pending. Complete it to avoid service disruption.”

• “Download the app to receive your refund.”

These messages come with a link that automatically downloads a fraudulent APK file when clicked. Once installed, the phone gets hacked without the user’s consent. Scammers then take control of the device using:

• Remote screen access

• Keypad tracking

• OTP reading and interception

This enables them to execute banking transactions from anywhere.

How This Fraud Works: Step-by-Step Process

Cyber experts explain that this scam takes place in multiple stages:

1. The victim receives a message designed to create urgency, encouraging them to click the link.

2. A fake APK file is downloaded, tricking the user into installing it.

3. Remote access is granted to the scammer without the user realizing it.

4. The criminal steals sensitive data such as login IDs, passwords, and OTPs.

5. Money is transferred from the victim’s bank account silently and quickly.

In many cases, users do not notice the fraud immediately because the process runs stealthily in the background.

Cybersecurity experts and SBI both emphasize that awareness and caution are the biggest safeguards against such scams. Users must avoid clicking unknown links, refrain from downloading unofficial apps, and report suspicious activity immediately to prevent financial loss.