APK Scam Alert: How One File Gives Attackers Your Money
On March 7, 2026, a retired man from Wadala, Mumbai received a WhatsApp call. The caller said he was from the gas company. The bill of ₹550 was overdue. The connection would be cut within hours unless he acted immediately.
The man panicked. He had savings. He had a wife. They depended on that gas connection every day.
He did what the caller asked. He downloaded a file. He entered his card details. By the time he realised what had happened, ₹12.25 lakh had vanished from his and his wife's joint account.
This is happening across Mumbai right now — every single day. Nearly ₹1 crore stolen in the past month alone. And the weapon is something most people have never heard of: an APK file.
- Active since: January 2026 — cases reported daily as of March 29, 2026
- Total stolen: Nearly ₹1 crore in the past month alone
- Impersonating: Mahanagar Gas Limited (MGL) — Mumbai's official gas distributor
- Delivery method: WhatsApp message + follow-up phone call + APK file
- The lure: Fake gas disconnection threat — "pay ₹10 to update your account"
- What the APK does: Gives the scammer complete remote control of your phone
- Victims targeted: Primarily senior citizens and new tenants — but anyone can be a target
- Arrests made: Mumbai Police arrested 3 — but the syndicate continues operating
- iPhone users: Largely protected — iOS blocks APK installations by design
- If scammed: Call 1930 immediately and ask your bank to freeze transactions
- MGL official helpline: (022) 68674500 — always verify before acting
What Is an APK File — And Why Is It So Dangerous
Every app on your Android phone — WhatsApp, Google Pay, your banking app — was installed as an APK file. APK stands for Android Package Kit. It is the format Android uses to install applications, the same way Windows uses .exe files.
When you download an app from the Google Play Store, Google has reviewed it for safety. But APK files can also come from anywhere else — a WhatsApp message, a link, an email. When you install an APK from outside the Play Store, you are installing software with zero safety checks. Whatever that software does — reading your messages, watching your screen, controlling your phone — it can do it silently, invisibly, without your knowledge.
That is exactly what the scammers are sending you.
The APK file named "Mahanagar Gas Bill Update.apk" is not a bill. It is not an update. It is a spy app that hands complete control of your phone — and every account on it — to a stranger.
How the Scam Works — Step by Step
Step 1 — The threatening message arrives
Victims first receive an SMS or WhatsApp message claiming their gas bill is overdue and their connection will be cut within hours. The message looks official. It may show the MGL logo. It uses urgent language — "immediate action required," "disconnection within 2 hours." It creates panic before you have time to think.
Step 2 — The friendly "company official" calls
Minutes later, a call arrives. The caller sounds professional, calm, and helpful. He says he is calling from Mahanagar Gas to help you resolve the issue before the disconnection happens. He has your name. Sometimes he even has your consumer number — obtained from public records or purchased from data brokers.
Step 3 — The tiny payment to build trust
The scammer asks for a nominal ₹10 or ₹12 "system update" fee. This small payment serves two purposes. First, it makes the whole interaction feel real — a genuine company would ask for payment, right? Second, it gets you into the habit of following his instructions. The small payment is not the crime. It is the setup for it.
Step 4 — The APK file arrives on WhatsApp
The caller then sends an APK file — named something like "MGL-Gas-Bill-Update.apk" or "BILL_UPDATE.apk." He tells you this is the "verification tool" or "bill update app" you need to install to complete the process. He stays on the phone and guides you through the installation step by step, making sure you do not give up.
Step 5 — Your phone is theirs
The moment you install the APK, the scammer has full access to your phone. The app functions as a screen-sharing or data-logging tool — the scammer can see everything you type and everything on your screen, in real time. He then asks you to enter your card details or banking credentials "to verify the payment." He watches as you type. Within seconds, he has everything he needs.
Step 6 — Your account is drained in minutes
Once Mitul Doshi, a 20-year-old businessman from Mulund West, downloaded the file and entered his banking credentials, the fraudsters gained unrestricted access to his phone and transferred ₹11.82 lakh out of his account within minutes. In Malad East, a 75-year-old retired man lost ₹8.59 lakh in just 20 minutes after downloading the same type of file.
Why Elderly People and New Tenants Are Targeted
This is not random. The syndicate is organised and strategic about who it targets.
Senior citizens are targeted because they are less familiar with how apps work, more likely to panic at the threat of losing essential services, and more likely to have significant savings. A 67-year-old trader lost ₹7.79 lakh in six transactions after installing an app sent via a fake WhatsApp message about a gas bill.
New tenants are targeted because they genuinely do not know whether their gas account is set up correctly. In one case, it is suspected that the scammer may have obtained information about the victim's recent move through local sources, using her status as a new tenant to add a layer of legitimacy to the fake bill claim. If you have just moved into a flat, a message about your gas bill being "not updated" sounds completely plausible.
The One Thing That Saved Someone
In Andheri East, a woman named Reena Patil had set a daily transaction limit of ₹5,000 on her debit card because she rarely used it. This simple security measure saved her from losing lakhs — the scammer could only take ₹5,000 before hitting the limit.
And in the same incident, the scammer tried to target another person — her former tenant — but he used an iPhone. iOS software did not allow him to install the APK file, and he was saved instantly.
Two things protected people: a daily limit on card transactions, and using an iPhone. One of these you can set up right now.
What To Do Right Now
If you have an Android phone — set a daily transaction limit today. Go to your bank's mobile app or call your bank and ask them to set a daily UPI and debit card transaction limit. Even ₹5,000 can be the difference between losing a small amount and losing your life savings.
Never install an APK file sent on WhatsApp — ever. No gas company, electricity board, water authority, bank, or government department will ever send you an APK file. Ever. If someone sends you one, they are a scammer. Delete it and block the number.
Hang up and call MGL directly. If you receive a call about your gas bill, hang up. Do not call back the number that called you. Call MGL's official helpline: (022) 68674500. They will tell you in seconds whether your bill is actually overdue.
Never share OTPs on a call. No official will ever ask for OTPs or banking credentials over a phone call. The moment someone on a call asks for your OTP, PIN, or card number — it is a scam. End the call immediately.
The ₹10 payment is the trap — not the goal. The small payment exists to build your trust and get you following instructions. Paying it does not mean the call is legitimate. Stop as soon as you realise an APK file is involved.
If it has already happened — call 1930 immediately. The National Cyber Helpline at 1930 can help freeze fraudulent transactions if you act quickly. Also call your bank directly and ask them to freeze your account. Speed matters — every minute of delay allows the scammers to move your money further away.
This scam follows the same social engineering pattern we covered in our Digital Arrest post — attackers creating artificial panic about an urgent problem, then guiding victims step by step into handing over access. The technique is identical, only the lure changes:
→ Digital Arrest: Hacking the Human Operating System
And if you want to understand how the APK malware that gets installed actually works — how attackers gain remote control of Android phones through seemingly innocent apps — our DarkSword iOS post covers the exact same attack logic applied to iPhones:
→ DarkSword iOS Exploit: The Zero-Click iPhone Hack Explained
The ZyberWalls Perspective
This scam works because it attacks something real — the fear of losing an essential service. Gas is not optional. Cooking is not optional. The threat of disconnection in a household with elderly parents or young children creates exactly the kind of panic that short-circuits rational thinking.
The scammers know this. They are not technical geniuses. They do not need to be. They need one thing: for you to install that file before you stop to think. The entire operation — the urgent message, the helpful caller, the tiny payment, the guided installation — is designed to keep you moving forward without pausing.
The pause is your protection. Before you install anything, before you enter any details, before you make any payment — hang up. Take five minutes. Call the official number. Speak to someone you trust. That five-minute pause is worth more than any security software.
MGL will never send you an APK file. No legitimate company ever will.
Stay Alert. Stay Human. Stay Safe.
— ZyberWalls Research Team
