If you own an Android device, you may be familiar with the term ‘APK’. It stands for Android Package Kit, which is simply the file format used to install apps on Android phones.
Are All APKs Harmful?
While APKs are not harmful on their own, scammers can misuse them to trick people into downloading malicious apps that steal personal and financial information.
How Does The APK Scam Work?
You may receive a message on WhatsApp, SMS, or email that looks like it’s from your bank, government body, or even a friend. The message usually carries urgency: “Update your KYC now or your account will be blocked”, “Pay this challan immediately”, or “Download your [bank’s] rewards app”.
The link inside leads to a fake APK file. Once installed, it gives fraudsters full access to your phone and they record your phone’s screen, and let the scammer track your activities. This file can record your keystrokes, read texts, redirect calls, and even carry out transactions from your bank account without your knowledge.
Earlier this year, we covered the APK scams on our Scam Watch series. Watch here.
Warning signs to watch out for
Messages invoking a sense of urgency (“account suspended in 24 hours”).
Links asking you to download an app from outside the Google Play Store.
Requests or notifications to enter sensitive details, like account numbers, PINs, or OTPs.
Apps demanding excessive permissions (access to SMS, contacts, or screen recording).
How to Stay Safe?
- Never click on suspicious links or download files from unknown senders.
- Install apps only from official sources like the Google Play Store.
- Check permissions in your phone settings carefully before allowing access to any app.
- If you think you’ve fallen victim, immediately report it at cybercrime.gov.in.
- If you’ve received a suspicious link or message, don’t panic. Send it to BOOM’s Tipline (7700906588) and we’ll verify it for you.
