TraceX Labs Warns of LPG Scam Surge in India: Fake Booking Links, WhatsApp APK Malware and UPI Fraud Network Exposed

A nationwide alert has been issued as LPG-related cyber scams continue to rise across India, with fraudsters exploiting rumours of a gas shortage to target unsuspecting consumers. Authorities have clarified that there is no actual shortage of LPG, yet panic-driven behaviour is being manipulated through fake messages, links, and calls that appear legitimate. This combination of misinformation and urgency is enabling cybercriminals to carry out highly effective financial frauds.

Reports from multiple states including Maharashtra, Punjab, Odisha, Karnataka, and Uttarakhand indicate a clear and coordinated pattern. Victims are receiving SMS or WhatsApp messages claiming issues with LPG booking, payment failures, or disconnection warnings. These messages often include links to fake websites or instructions to call fraudulent customer care numbers. In many cases, people are tricked into downloading mobile applications disguised as official tools, which ultimately lead to severe financial losses.

Cybersecurity researchers at TraceX Labs have revealed that these scams are no longer limited to basic phishing attempts. Instead, attackers are distributing trojanized APK files embedded with Remote Access Trojans (RATs). Once installed, these malicious applications silently take control of the victims device, enabling attackers to monitor activity, read messages, capture OTPs, and gain access to banking and UPI apps without the users awareness.

What makes this campaign even more dangerous is the use of advanced UPI bypass techniques, where attackers exploit token-based mechanisms to initiate transactions without triggering typical user verification processes. This allows funds to be drained quickly and quietly, often before the victim realizes what has happened. Such techniques are becoming increasingly common in modern mobile-based financial fraud.

Another critical concern highlighted by experts is the chain-based spread of these attacks. After infecting a device, the malware can automatically send malicious links or APK files to the victims contacts through messaging platforms. Since these messages come from trusted sources like friends or family, recipients are more likely to engage with them, unintentionally spreading the infection further. This viral propagation makes the scam difficult to control and significantly increases its reach.

In addition to malware-based attacks, fraudsters are also using fake LPG booking websites that closely resemble official portals, QR code scams promising cashback, and screen-sharing apps to gain remote access to devices. Victims are often convinced that they are completing a routine process, such as booking a cylinder or updating KYC details, while in reality, they are exposing sensitive financial information.

Experts emphasize that this is a well-structured cybercrime operation combining social engineering, malware deployment, and financial exploitation. The attackers rely on fear, urgency, and trust to manipulate users into making quick decisions without proper verification.

To protect themselves, consumers are advised to use only official LPG booking platforms, avoid clicking on unknown links, and never install APK files from unverified sources. Sharing OTPs, UPI PINs, or banking details with anyone should be strictly avoided. Even messages received from known contacts should be treated with caution, as compromised devices can unknowingly spread malicious content.

Authorities are actively working to raise awareness and prevent further incidents. Citizens are urged to remain calm and verify information before taking action. In case of suspected fraud, immediate reporting to the national cybercrime helpline 1930 can help minimize damage.

This surge in LPG scams highlights the evolving nature of cyber threats in India, where attackers are increasingly blending psychological manipulation with advanced technology. Awareness, vigilance, and timely action remain the most effective defenses against such sophisticated frauds.