Cybercrime patterns in Karnataka are rapidly changing, with APK fraud emerging as one of the fastest-growing digital threats in the state. While attention has mostly remained on investment scams and digital arrest frauds, authorities are now witnessing a major surge in malware-based APK attacks targeting Android users.
According to data accessed by a media platform, APK fraud cases in Karnataka jumped by 190.46%, rising from 325 cases in 2024 to 944 cases in 2025. The state has already recorded 458 cases till April this year. Based on the current monthly average of 114.5 cases, Karnataka could see nearly 1,374 APK fraud cases by the end of the year.
Unlike investment scams or digital arrest frauds, APK scams mainly rely on tricking users into installing malicious Android application files. Cybercriminals typically send fake messages on WhatsApp or Telegram related to electricity bills, KYC updates, pending credit card points or wedding invitations. These messages usually contain an .apk file attachment.
While APK is the standard format used for Android apps, investigators say fraudsters use third-party APK files loaded with malware to gain hidden access to devices.
“Cybercriminals purchase these customizable APK kits and use them as per their need. One day, the message may be about banking, the next day it may be about a friend’s wedding. They will also use any major news events to alter the messages. If a known contact’s phone is compromised, it will automatically forward the malicious APK file to all their contacts and WhatsApp groups. Victims click, thinking the message is from a known person,” a senior cybercrime investigator in Bengaluru reportedly said.
Once installed, the malware can intercept OTPs and enable unauthorised bank transactions. Officials also warned that some APK files contain Remote Access Trojan (RAT) malware, allowing fraudsters to access messages, call logs, documents, photos and videos. In some cases, spyware-based APKs can even remotely control cameras and microphones.
Senior citizens and people with limited technical knowledge are reportedly among the worst affected. Cases have also emerged where children accidentally clicked on malicious files using their parents’ phones.
Police have advised users not to enable the “Install from Unknown Sources” option on Android devices, as it allows harmful applications to be installed.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.