Hyderabad: Cybercriminals are deploying a new scam in Hyderabad, attempting to hijack WhatsApp accounts using malicious APK files. The goal is to spread these malware-laced files through compromised user accounts to steal personal data and extort victims, police said.
According to Hyderabad Cybercrime Police, the attackers create fake APK files embedded with malware and distribute them through WhatsApp and SMS. They disguise these messages with attention-grabbing themes like RTO challan alerts or credit card limit updates to trick recipients into clicking.
WhatsApp hijack APK scam spreads via infected contacts
Once the recipient downloads the file, the malware takes control of the device. From there, attackers access all stored data and financial apps, enabling them to monitor transactions and initiate blackmail. Victims are then targeted for extortion, losing both data and money.
In a concerning development, police discovered that the attackers use hijacked WhatsApp accounts to automatically forward the same malicious file to all contacts, making it appear as if the message came from a known person. This increases the chance of further infections.
The Cybercrime unit urged the public not to click or download any unexpected APK file links, even if they appear to come from trusted sources. Users should delete such messages immediately and report suspicious activity to the police.