Rise in Android Package Kit (APK) Fraud

Syllabus; GS3/Cybersecurity

Context

• Banks have issued a new warning for customers to stay vigilant against Android Package Kit (APK) frauds. 

Android Application Package (APK) fraud

• APK fraud is a phishing scam where criminals send malicious Android Application Package (APK) files to trick users into downloading and installing them, often by impersonating trusted entities like banks or government officials. 
• Once installed, these fraudulent apps gain control of the user’s device, stealing financial information (including OTPs and PINs), and conducting unauthorized transactions without consent.
• Once in circulation, the same APK file is reused with minor modifications in the interface,  allowing it to bypass detection even after earlier versions are blacklisted.

Reasons for increase in Cybercrime

• Rapid Digitalization: With a growing number of individuals and businesses relying on the Internet and digital technologies there are more opportunities for cybercriminals to exploit vulnerabilities.
• Inadequate Cybersecurity Infrastructure: In India the cybersecurity infrastructure is still developing. Many organizations, especially smaller businesses, may not have robust cybersecurity measures in place, making them easy targets for cybercriminals.
• Insider Threats: Insider threats, where employees or individuals with access to sensitive information misuse it for malicious purposes, are a significant concern in India, particularly in the corporate sector.
• Payment Systems Vulnerability: With the rise of digital payments and online transactions, there is an increased risk of financial crimes such as phishing, credit card fraud, and online scams.
• Low digital literacy: Lower awareness among the general public and digital gaps amongst nations create an unsustainable environment in the cyber domain.
• Vulnerable population: Many senior citizens aren’t aware of using UPI (features) and they fall prey to online scams.

Government steps for Cybersecurity

• Information Technology Act, 2000: Section 43, 66, 70, and 74 of the IT Act, 2000 deal with hacking and cyber crimes.
• Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on a regular basis. 
• National Cyber Coordination Centre (NCCC) has been set up to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.
• Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for detection of malicious programs and provides free tools to remove the same.
• Chakshu Facility: It is a newly introduced feature on the Sanchar Saathi portal that encourages citizens to proactively report suspected fraudulent communications received via call, SMS, or WhatsApp.
• Indian Cyber Crime Coordination Centre (I4C): It was established in 2018 under the Central Sector Scheme within the Cyber and Information Security Division of the Ministry of Home Affairs.
• It provides a framework and eco-system for Law Enforcement Agencies (LEAs) to deal with Cybercrime in a coordinated and comprehensive manner.

Way Ahead

• Enhance investment in advanced threat detection systems, AI-driven monitoring, and secure digital payment gateways to reduce vulnerabilities.
• Expedite implementation of the Digital Personal Data Protection Act, 2023 to secure user information and reduce misuse of leaked databases.
• Conduct large-scale public campaigns, especially targeting vulnerable groups like senior citizens, to promote digital literacy and safe online practices.

Source: TH