TraceX Labs Issues Warning on Rising Fake mParivahan APK and RAT Malware Attacks in India

The spread of malicious mobile applications is fast emerging as one of the most alarming forms of cyber fraud in India. Investigations by TraceX Labs reveal that cybercriminals are no longer relying on traditional phishing calls. Instead, they are distributing trojanised APK files disguised as legitimate services and using social platforms such as WhatsApp and Telegram to trap unsuspecting citizens.

Cybercriminals have recently launched a sophisticated malware campaign targeting Android users through fake traffic violation messages on WhatsApp. The malware, disguised as NextGen mParivahan, closely mimics the official government application developed by the Ministry of Road Transport & Highways, which provides digital access to driving licences, vehicle registration certificates, and other transport services.

The attack begins with unsuspecting users receiving WhatsApp messages claiming to be official traffic violation alerts. These messages are crafted with convincing details, including ticket numbers and vehicle registration information, to appear genuine. Once the victim clicks the link, they are prompted to download what seems to be the official mParivahan app. In reality, it is malicious software engineered to steal sensitive data.

This is not the only disguise fraudsters are using. Examples identified by TraceX Labs include apps falsely named RTO Challan, E-Challan APK, Wedding Invitation, and even adult-themed applications such as Bhabhi Calling or Video Call APKs. Once installed, the malware quietly embeds itself in the phone and uses the victim's own contacts and group chats to spread further. The infected device effectively becomes a trusted messenger, fuelling a chain reaction of infections that ripple through WhatsApp and Telegram communities.

A cybersecurity analyst at TraceX Labs explained the pattern: "Fraudsters no longer rely on random cold calls. They exploit trust within personal networks to spread malware. Our investigation shows scam hubs across India are playing a leading role in orchestrating these operations." According to the firm's findings, crores of rupees have already been siphoned off through these campaigns.

At the core of these malicious applications are Remote Access Trojans (RATs): specialised malware that grants attackers complete control over the infected device. Once installed, a RAT can intercept SMS messages, including OTPs, manipulate mobile banking apps, harvest personal data, and even remotely activate the microphone or camera. This enables fraudsters not only to steal money directly but also to misuse digital identities for loan frauds or other crimes.

The financial damage can occur within minutes. A user, believing they are downloading a government service or utility, grants permissions requested by the app. These often include access to SMS, storage, and accessibility services. With such permissions in place, attackers can seamlessly monitor and drain accounts while the victim remains unaware until it is too late.

TraceX Labs notes that the rapid spread of these APKs through WhatsApp and Telegram has made the problem especially difficult to contain. Because download links arrive from a known contact's number, the apps appear legitimate. This social engineering tactic makes users less cautious, creating a dangerous cycle of infections that spreads quickly through communities.

Public awareness is key to breaking this chain. TraceX Labs urges citizens never to download applications from third-party links or unverified sources. Instead, they should rely only on trusted app stores such as Google Play or Apple's App Store. Users should be wary of apps that request unnecessary permissions, especially those related to SMS and accessibility services. Installing a reliable antivirus scanner, keeping devices updated with the latest patches, and reviewing app permissions regularly are essential preventive steps.
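One way to turn the permission-review advice above into a repeatable check, as an added example that is not part of TraceX Labs' report: a Python helper that parses constructed `adb shell dumpsys package` and `adb shell settings get secure enabled_accessibility_services` output and flags sideloaded packages that also read SMS or run an accessibility service. The package names, installer values and dumpsys excerpt are invented for the example, and the dumpsys layout is simplified to the fields the check needs.

```python
import re

# Constructed sample in the shape of `adb shell dumpsys package` output.
# Package names and the ids in parentheses are invented, not real indicators.
SAMPLE_DUMPSYS = """\
Package [com.example.bankapp] (3f2a1b):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.INTERNET
    android.permission.USE_BIOMETRIC
Package [com.parivahan.challan.update] (9c4d7e):
  installerPackageName=null
  requested permissions:
    android.permission.INTERNET
    android.permission.RECEIVE_SMS
    android.permission.READ_SMS
    android.permission.READ_CONTACTS
"""
# Constructed sample of `settings get secure enabled_accessibility_services` (pkg/service entries).
SAMPLE_A11Y = "com.parivahan.challan.update/.AccessService:com.android.talkback/.TalkBackService"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

def parse_dumpsys(text):
    """Return {package: {"installer": str, "perms": set}} from dumpsys-style text."""
    pkgs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Package \[([\w.]+)\]", line)
        if m:
            current = m.group(1)
            pkgs[current] = {"installer": None, "perms": set()}
        elif current and line.strip().startswith("installerPackageName="):
            pkgs[current]["installer"] = line.split("=", 1)[1].strip()
        elif current and line.strip().startswith("android.permission."):
            pkgs[current]["perms"].add(line.strip())
    return pkgs

def enabled_a11y_packages(setting):
    """Package names that have an enabled accessibility service."""
    return {entry.split("/")[0] for entry in setting.split(":") if entry}

def risky_packages(dumpsys_text, a11y_setting, trusted=("com.android.vending",)):
    """Flag sideloaded packages that also read SMS or run an accessibility service."""
    a11y, flagged = enabled_a11y_packages(a11y_setting), {}
    for pkg, info in parse_dumpsys(dumpsys_text).items():
        reasons = ["sideloaded"] if info["installer"] not in trusted else []
        reasons += ["sms"] if info["perms"] & SMS_PERMS else []
        reasons += ["accessibility"] if pkg in a11y else []
        if "sideloaded" in reasons and len(reasons) >= 2:
            flagged[pkg] = reasons
    return flagged
```

On a real device the two inputs come from the adb commands named in the comments; a flagged package is a candidate for removal and credential reset, not proof of infection on its own.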

For those who suspect they may have installed a malicious app, swift action can reduce losses. Removing the application immediately, resetting banking credentials, and temporarily disabling UPI transactions are strongly advised. Victims should report incidents by calling the national cyber helpline at 1930 or by filing a complaint at cybercrime.gov.in.

TraceX Labs continues to work with law enforcement agencies and victims to investigate these attacks. The firm's analysts warn that while such scams are being operated from multiple parts of the country, certain hubs remain especially active. Their conclusion is unequivocal: the age of cold-call phishing has given way to a far more insidious threat, trojanised APKs spreading through personal networks. Staying vigilant, questioning every unsolicited download, and practising strict digital hygiene remain the best defences for Indian citizens.