WhatsApp or SMS from "your bank" tells you to install a KYC update app that silently drains your account
A WhatsApp or SMS appears to be from your bank saying KYC is pending, with a link to install an APK. The app silently steals OTPs, card PINs, and Aadhaar, then empties your account — no phone call needed.
Also known as: fake bank KYC APK, KYCShadow malware, banking trojan WhatsApp, BOI PAN Card APK scam, fake KYC update app fraud
Already happened to you? Do this in the next few minutes
Call 1930 now- 1 Call 1930 — the national cyber-crime helpline — right now. The sooner you report, the better the chance of freezing the money before it moves.
- 2 Call your bank to freeze the account and block the card immediately. Use the number printed on your card, never a number from the message or caller.
- 3 File a report at cybercrime.gov.in and keep every message, screenshot, and transaction ID.
- ! If you installed any "support", "server", "refund", or remote-access app at their request (AnyDesk, TeamViewer, Quick Support, etc.): disconnect the internet now, then run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
What to do right now
- 1 Never install any .apk file received via WhatsApp or SMS — real KYC updates use the official bank app from the Play Store or a branch visit
- 2 If you already installed the app: immediately remove your SIM card and call your bank from a different phone to freeze your account and block UPI
- 3 Factory-reset your Android device to eliminate the malware; do not re-insert your SIM until the reset is complete
- 4 After the reset, change all banking PINs and passwords from a clean device and re-enable 2FA
- 5 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
- 6 Report at https://cybercrime.gov.in or call 1930 (national cyber helpline).
Was remote-access software installed?
If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.
Run SeraphSecure to detect and remove it →Red flags
- ⚠ Your bank will never send an APK (.apk file) on WhatsApp or SMS — real KYC is done in the bank's official app or at a branch
- ⚠ The message creates urgency: 'account will be blocked in 24 hours if KYC is not updated'
- ⚠ The app asks for Aadhaar number, PAN, ATM PIN, and OTP in sequence — real bank apps never collect your ATM PIN this way
- ⚠ After installing, you receive OTP alerts for transactions you did not initiate
- ⚠ The sending number is a regular mobile number, not the bank's official SMS short code or verified WhatsApp Business account
Known variants
-
Telegram bot APK marketplace (June 2026): Jamtara developer sold fake KYC APKs mimicking 18 Indian banks (SBI, HDFC, Axis Bank, BoI, and 14 more) at ₹12,000/month to 300–400 buyer-fraudsters via a Telegram bot. Ahmedabad Cyber Crime arrested the mastermind from a moving train, June 25, 2026.
Last seen: 6/26/2026
-
Fake RBI account suspension APK (June 2026): WhatsApp message impersonating RBI claims 'risk control measures' flagged your account, attaches an APK, demands installation within 3 days to avoid restrictions. RBI only contacts users via two verified blue-tick numbers (99309 91935, 99990 41935). PIB Fact Check warned June 11, 2026.
Last seen: 6/26/2026
-
8th Pay Commission salary APK (2026): WhatsApp forward offers an unofficial '8thPayCommission.apk' claiming to show revised salary slabs or a pay calculator for central government employees. The APK steals banking OTPs and credentials via the same mechanism as the PM Kisan variant; I4C warned government employees to avoid third-party APKs using this pretext.
Last seen: 6/30/2026
-
Fake PM Kisan / PM Awas Yojana APK: WhatsApp or Telegram message claims installing 'PM KISAN.apk' or 'PM Awas.apk' delivers the next ₹6,000 instalment or confirms housing. APK steals OTPs and banking credentials like the KYC variant and self-propagates to all contacts. Nagaland Police and MP Cyber Cell both warned.
Last seen: 6/11/2026
Sources
- CYFIRMA — KYCShadow Android Banking Malware Exploiting Fake KYC Workflows (April 2026)
- Bizzbuzz News — Fake KYC app dupes Ahmedabad woman out of ₹7.46 lakh (May 2026)
- GBHackers — Fake KYC Android Malware Spreads via WhatsApp to Hijack Bank Accounts
- The420.in — Cyber Fraudsters Use Fake Bank KYC Update to Steal Lakhs
- RTI Wiki — Fake KYC Update Scam India: How to Detect, Block, and Recover (2026)
- The420.in — Cyber Trap in the Name of PM-KISAN: Fake APK Links Used to Drain Bank Accounts
- Free Press Journal — MP Cyber Alert: Fake PM Awas, PM Kisan APK Files Are New Fraud Bait
- Newsonair — Nagaland Police issues alert on malicious PM Kisan Yojana APK file circulating across state
- ANI / PIB Fact Check — RBI did not send account suspension notices via APK files on WhatsApp (June 11, 2026)
- Republic World — Cyber Crime cracks APK fraud; mastermind arrested from Jamtara (June 25, 2026)
- Gujarat Samachar — Ahmedabad Cyber Crime busts Jamtara APK fraud gang, mastermind arrested from moving train (June 25, 2026)
- The420.in — Delhi Police Arrest Ten for Rs 26 Lakh Banking Fraud Using Fake APK Files and Bank Impersonation (July 2026)
- The420.in — 18-Month Cyber Hunt Ends as Kolkata Police Nab Mastermind of ₹74 Lakh Vishing+APK Scam (July 2026)