The Ahmedabad City Cyber Crime Branch has dismantled a cyber fraud network based in Jharkhand’s Jamtara that allegedly targeted mobile users across India through malicious APK files. The operation came to light after an Ahmedabad resident lost more than Rs 6.68 lakh in a sophisticated online scam involving a fake gas bill update application.
Police investigations later uncovered a highly organised system in which fraudulent APK files were distributed through WhatsApp and Telegram, allowing cybercriminals to remotely access victims’ devices, steal banking credentials, and spread the infection further through contact lists and messaging groups.
Ahmedabad Resident Duped Through Fake Gas Bill Message
The investigation began after Naresh Devanand Sabnani, a resident of Hansol in Ahmedabad, approached authorities with a complaint regarding a major financial fraud.
According to the Cyber Crime Branch, Sabnani lost Rs 6,68,914 after receiving a WhatsApp message that appeared to originate from Sabarmati Gas Limited. The message warned him that his gas connection would be disconnected unless he immediately updated his pending bill details.
Police said the fraudsters posed as officials of the gas company and convinced the victim to install a mobile application titled “Sabarmati Gas Bill Update.apk”.
Once the application was downloaded and installed, the accused allegedly gained unauthorised remote access to the victim’s mobile device.
Investigators stated that the fraudsters subsequently transferred money illegally from Sabnani’s HDFC Bank account.
The case triggered an extensive technical investigation by the Ahmedabad City Cyber Crime Branch as officials began tracing the source of the malicious software and the individuals operating the fraud network.
Cyber Crime Branch Launches Technical Investigation
The Ahmedabad City Cyber Crime Branch initiated a specialised operation after analysing several online complaints registered through the national cybercrime helpline 1930.
Officials said investigators studied the gang’s operating pattern and traced the digital infrastructure used in the fraud.
The probe was conducted under the supervision of senior police officials, who coordinated efforts to identify the masterminds behind the malicious APK distribution network.
Authorities eventually tracked the operation to a notorious cyber fraud syndicate operating out of Jharkhand’s Jamtara region, an area that has repeatedly surfaced in cybercrime investigations across India.
Main APK Developer Arrested From Moving Train
Police identified the main APK developer as Purnanand alias Mukesh Tiwari.
In a dramatic operation, law enforcement officials arrested him from a moving train travelling from Kolkata to Sairang. The arrest was carried out with assistance from the Railway Protection Force.
Investigators believe Tiwari played a central role in designing and managing the fraudulent applications used to compromise victims’ mobile phones.
Police said the gang had developed fake applications that closely resembled legitimate service platforms, making it easier to deceive unsuspecting users.
Two More Operatives Arrested in Jharkhand
Apart from the alleged mastermind, investigators arrested two additional accused during the operation in Jharkhand.
The first accused, identified as Vikas Das, was allegedly responsible for distributing malicious APK links to nearly 400 individuals.
Police claimed that Das played a major role in expanding the scam network by circulating infected links through messaging applications and communication groups.
Another accused, Sitaram Mandal, was allegedly involved in supplying debit card and credit card information that helped the gang siphon off stolen funds.
Authorities said the arrests exposed a coordinated network where different individuals handled separate stages of the cyber fraud operation, including application development, distribution, financial transfers, and laundering of stolen money.
Fraud Network Used Fake KYC, Electricity and RTO Apps
During the investigation, cybercrime officials discovered that the gang had built an automated system for generating fake applications.
According to investigators, the fraudulent APK files were created using a private Telegram bot channel that enabled the gang to quickly produce apps impersonating multiple services.
These fake applications reportedly included bank KYC update apps, electricity bill payment platforms, and RTO-related notices.
Police said the accused used these familiar service categories to create panic and pressure victims into downloading the applications immediately.
Once users installed the APK files, the malicious software allegedly began collecting sensitive financial information from the device without the victim’s knowledge.
Malware Secretly Accessed Banking Credentials
Investigators revealed that the malicious apps were capable of secretly extracting banking IDs, passwords, and OTPs stored or entered on infected devices.
Officials stated that the applications operated remotely and allowed the accused to gain extensive access to victims’ smartphones.
The fraud system reportedly became even more dangerous because it automatically forwarded infected APK links to contacts stored on the victim’s device.
According to police, the malicious links were also circulated across WhatsApp and Telegram groups connected to the infected user.
This mechanism enabled the scam to spread exponentially across large numbers of users within a short period of time.
Authorities believe the network managed to target thousands of individuals using this chain-reaction method.
Gang Allegedly Used SBI YONO Cash Withdrawal Feature
Police investigations further revealed that the gang allegedly used SBI’s YONO Cash cardless ATM withdrawal feature to withdraw stolen money.
Officials said the method helped the accused avoid leaving behind a direct digital trail while laundering the proceeds obtained through cyber fraud.
Investigators suspect that the fraudsters carefully structured their operations to minimise traceability and complicate financial tracking efforts by authorities.
The Cyber Crime Branch stated that the gang’s operations demonstrated a high level of organisation and technical sophistication.
Authorities are now examining whether additional suspects were involved in the wider network.
Cybercrime Officials Continue Probe
Police officials said the investigation remains ongoing as authorities continue analysing seized digital evidence and financial transactions linked to the accused.
Cybercrime experts are also working to identify additional victims who may have downloaded the malicious APK files circulated by the gang.
Investigators are expected to examine communication channels, payment routes, and Telegram-based systems allegedly used by the accused during the operation.
Officials have urged citizens to remain cautious while downloading applications received through messaging platforms and advised users to verify all payment or KYC-related notifications directly with official service providers.
