Ahmedabad Police bust cyber fraud network using Telegram bot to distribute malware

Ahmedabad Cyber Crime Police uncover Telegram-based malware fraud network linked to 400 cyber criminals

A major cybercrime fraud network linked to the Jamtara syndicate has been dismantled by the Ahmedabad Cyber Crime Police, exposing a sophisticated operation that used malicious APK files to steal banking credentials and drain victims’ accounts. The investigation uncovered a Telegram bot that allegedly supplied malware to nearly 400 cyber criminals across the country.

The operation was launched under the direction of Deputy Commissioner of Police Lavina Sinha, with a dedicated investigation team led by Assistant Commissioner Hardik Mankadiya. Investigators used digital forensics, technical intelligence and human intelligence to trace multiple cyber fraud complaints linked to fake utility bill alerts, bank KYC updates, customer support messages and government notifications.

The investigation gained momentum after a complaint from Naresh Sabnani, who lost ₹6.68 lakh after downloading a fake “Sabarmati Gas Bill Update.apk” application received through WhatsApp. Once installed, the malware gained remote access to his mobile phone, intercepted banking credentials and authentication details, and enabled fraudulent transactions from his HDFC Bank account.

Police identified Purnanand alias Mukesh Tiwari as the alleged malware developer and arrested him during an interstate operation while he was travelling on a train from Kolkata to Sairang. Investigators also arrested Vikas Das, who allegedly distributed the malware to nearly 400 cyber criminals, and Sitaram Nakul Mandal, who is accused of arranging bank cards and financial channels used to launder stolen funds.

The investigation revealed that the accused operated a dedicated Telegram bot that functioned as an underground marketplace where cyber criminals could purchase, download, renew and replace malware designed to impersonate banks, financial institutions and utility service providers. Payments were allegedly routed through SBI YONO Cash, helping conceal the identities of buyers and sellers.

According to investigators, the malware allowed fraudsters to remotely access mobile devices, intercept OTPs, monitor SMS messages, read notifications, access contacts and transfer funds directly from victims’ bank accounts. Police also discovered that once installed, the malware automatically spread itself across victims’ WhatsApp and Telegram groups, rapidly expanding its reach.

Officials believe the arrests have disrupted a major cyber fraud network, while investigations into additional suspects, financial trails and technical infrastructure remain ongoing.
