HDFC Bank, India’s largest private sector bank, has issued an urgent public warning about a dangerous Android malware scam that is targeting customers across the country.
HDFC Bank issues urgent warning about rising mobile scam
The bank has raised serious concerns as fraudsters increasingly send harmful APK files to people under false pretenses. This new type of scam has already led to many people losing money and sensitive information from their mobile phones.
According to the bank, cybercriminals are pretending to be officials from trusted institutions such as banks, the Income Tax Department, or the transport department. They contact people through phone calls, SMS messages, or emails and create panic by talking about urgent issues.
These include updating KYC information, claiming income tax refunds, or settling unpaid traffic challans. Once the victim is alarmed, the fraudster sends a link that looks genuine but actually contains a malicious APK file.
This APK file, once installed, silently plants malware on the person’s phone. The malware gives remote access of the phone to the fraudster. With full control of the device, the attacker can read messages, listen to calls, monitor notifications, steal bank login details, and even make unauthorized financial transactions. Victims often only realize something is wrong after they receive debit alerts from their bank or notice that money has gone missing.
How the APK scam works
The scam usually begins when someone receives a call or message from a person claiming to be a bank employee or a government official. The caller gives a convincing message and warns the victim to take immediate action, or they will block the bank account or take legal action. This puts pressure on the person to act quickly without verifying the claim.
The caller then sends a link to download an APK file. In many cases, the file shows a bank logo or looks like an official app. This makes it seem safe. When the person downloads and installs it, the fake app opens a page.
It asks for personal and banking details. The app may ask for the bank account number, card number, CVV, and OTPs. As soon as the person types these in, the fraudsters steal them. They use the details to transfer money or make purchases.
In another version of the scam, fraudsters pose as officials from the Road Transport Office and inform the victim about a pending traffic fine. They send a fake message or email with a link that supposedly leads to an e-challan portal. When clicked, the same type of malware gets installed. From that point on, the victim’s phone and private data are no longer safe.
The damage caused by this malware is not limited to money loss. Since the malware can control the phone, it can also redirect phone calls and messages, preventing bank OTPs and alerts from reaching the victim. This delay gives the fraudster more time to carry out multiple transactions without being stopped.
What HDFC Bank advises and how to report a fraud
HDFC Bank is asking all customers to stay alert and avoid clicking on links received from unknown or suspicious sources. Treat messages or calls about urgent issues like income tax refunds, KYC suspension, or challan payments with caution. Never install apps or APK files that someone shares over WhatsApp, SMS, or email, especially if they don’t come from official app stores or verified websites.
To keep phones safe, the bank recommends using a trusted antivirus or anti-malware app. Customers should not believe anyone asking them to download an app over a call, no matter how genuine they may sound. If there is any doubt about a message or call, it is best to visit the official website of the bank or government department to verify the information.
In case someone becomes a victim of this fraud, immediate action is necessary. The person should contact their bank right away to block their card, UPI, or net banking access. They should then call 1930, which is the national cybercrime helpline launched by the Ministry of Home Affairs. It is also important to report the incident on the National Cyber Crime Reporting Portal at www.cybercrime.gov.in.
The bank strongly urges all customers to stay aware and act quickly in case of any suspicious activity. Being informed and alert is the first and most important step in protecting yourself from cybercrime.
