In a recent public notice, Punjab and Sind Bank (PSB) has cautioned its customers about an ongoing scam in the bank’s name. The bank said that it is important for you to know about the scam to keep your money safe from the scamsters. This scam (APK file scam) starts with you receiving a fake message, supposedly from the bank, informing you that your bank account will be blocked due to a KYC update. However, in reality, no such message has ever been sent by the bank, and neither is your KYC going to expire.
“They are asking customers to download APK files loaded with malware to steal account and personal information,” Punjab and Sind Bank said in the notice.
So how exactly does the scam happen? And what false narratives do the fraudsters create to lure you into following their call to action? Read on to learn more about this and stay alert.
How APK scam happens
The APK scam happens in three steps:
Step 1: Creating a false narrative to create panic
Step 2: Making you download a malicious APK file and install it
Step 3: Performing fraudulent activities such as installing a keylogger (a keylogger can record every keystroke you type on the mobile keyboard), launching a ransomware attack, or accessing the clipboard.
Step 1: The false narrative
According to Kaushik Ray, Chief Operating Officer (COO) of Whizhack Technologies, scamsters first send an SMS that looks like one sent by a bank – the tone and language of such scam SMSes are very similar to real bank messages. This SMS contains a false narrative informing you about the blocking of your bank account or UPI activities or others due to pending KYC updates, or other reasons. “These narratives play on users’ desires or fears, effectively bypassing rational judgement and exploiting gaps in digital literacy,” says Ray.
“The intention behind such narratives is to create panic and then get you to install malicious APK files on the mobile devices. These are social engineering tactics. APK scams often work due to a combination of social engineering and user misinformation. Cybercriminals typically use compelling narratives that create a sense of urgency or offer a unique benefit to persuade users to download the APK,” he further explains.
For example: The scam SMS may say that if you don’t click on this link to download the APK file, your bank account will be frozen as its KYC status is pending or lapsed, etc.
Another possible narrative: the scam SMS may tell you that your reward points are going to expire, so you should download the file to redeem them, otherwise the accumulated points will be lost.
Ray says that sometimes the narrative may use greed instead of fear. “For example, they might advertise an APK as a way to access a popular feature not yet available for others or an app that provides free services that would usually require payment,” he says.
Most of the time these narratives work in the scamster’s favour because people inherently fear for the safety of their assets, which in this case is money kept at the bank. Just imagine if someone impersonating a bank officer informs you that all the money you keep at the bank is going to be frozen for an undefined period if you don’t do this immediately. One of the first things that will play on your mind is how you are going to pay the school fees of your children, how to buy vegetables for tonight’s dinner, and how to even do a DTH or mobile recharge. A bank account powers our daily life in unimaginable ways and freezing it would mean getting cut off from life’s activities.
Step 2: Installing the malicious APK file
Once the scamsters manage to convince you with their narratives, they make you install the malicious APK files. “Post installation, the hacker receives a connection on his hacking device, thus granting access and control of the infected mobile device with the hacker to facilitate malicious actions,” says Ray.
Step 3: Launching the cyber scam attack
Ray says that once the hacker gets control of the device, he/she may execute multiple attacks, which may include a ransomware attack. If you are targeted by a ransomware attack, your mobile device will get locked and the hacker will not release the lock until you pay the demanded ransom. The hacker may also threaten to expose private and confidential documents, photos, and other items on the Internet if you fail to pay the ransom.
Ray further says that some hackers may not use ransomware against you and may instead install keyloggers to learn your net banking ID and password, UPI PIN, or others. “One of the common functionalities of malware from fraudulent APKs can include keyloggers and clipboard access. A keylogger records all keystrokes made on the device, which can capture everything from passwords to credit card numbers. Similarly, by accessing the clipboard, the malware can read any data that has been copied, such as passwords and account numbers. This data can then be used to breach online banking or UPI accounts, leading to financial theft or identity fraud,” he says.
Source: Punjab and Sind Bank website as of August 2, 2024
How to prevent APK scams
According to the public notice by Punjab and Sind Bank, here is what you should do:
- Never download files received from strangers.
- Never click on unknown links.
- Block and report suspicious contacts.
- Do not share personal information with anyone online.
According to Ray, the APK scam specifically targets Android devices because APK is a file format used by Android.
“iOS devices use a different format called IPA (iOS App Store Package), and they have a closed ecosystem that generally doesn’t allow installation of apps from third-party sources without jailbreaking the device. This doesn’t mean iOS devices are immune to similar scams; they just don’t use APK files. iOS users can still be targeted through other means like phishing or malicious profiles and apps installed through exploitation of enterprise certificates or sideloading techniques,” he says.