Cybersecurity researcher Rishav Anand exposes a fake SBI WhatsApp scam involving a malicious APK designed to steal banking details. Choice4Voice.com highlights this real case to protect Indian users from advanced Android malware attacks targeting bank customers.
Complaint / Incident Summary Table
SBI WhatsApp Scam 2025 Exposed by Cybersecurity Expert Rishav Anand | Fake APK File Stealing Bank Details
| Details | Information |
|---|---|
| Complainant / Researcher | Rishav Anand |
| Profession | Cybersecurity Trainer, Red Team Expert, Bug Bounty Researcher |
| Incident Type | Bank-related Android Malware Scam |
| Bank Name Used in Scam | State Bank of India (SBI) |
| Method Used by Scammers | Fake WhatsApp message with malicious APK link |
| Analysis Tools Used | JADX, Android Studio, Logcat, MobSF, Wireshark |
| Scam Objective | Steal banking credentials, control Android devices, access SMS and contacts |
| Date of Analysis | November 2025 |
| Reported Platform | |
| Location (Server Trace) | Delhi (Possibly Spoofed) |
| Status | Scam Identified and Publicly Reported |
What Happened – The Fake SBI WhatsApp Scam Explained
Cybersecurity expert Rishav Anand recently shared a real-life analysis of a sophisticated Android malware that is currently circulating through fake WhatsApp messages pretending to be from SBI (State Bank of India).
The message claimed that users needed to “update their Aadhaar” through an attached APK file — a clear attempt to trick victims into installing malware on their phones.
Being a cybersecurity professional, Rishav decided to investigate the file rather than delete it. What he uncovered was alarming — a highly obfuscated and powerful malware campaign designed to steal sensitive banking data, gain full control over Android devices, and silently manipulate communications.
Technical Analysis – What the APK File Really Does
Rishav performed both static and dynamic analysis using several advanced tools, uncovering the following:
1. Obfuscation and Code Manipulation
- The APK used control flow obfuscation to disguise its real function.
- Contained scripts in 12+ languages (Afrikaans, Mandarin, Chinese, etc.) to evade antivirus detection.
2. Dangerous Permissions
- Requested mandatory access to contacts, SMS, and storage.
- Sought VPN and package installation permissions to take complete control over the device.
3. Fake Login Page
- Embedded a fake SBI login interface to steal credentials entered by victims.
- Collected usernames, OTPs, and banking data in real time.
4. Network Activity
- Used IPv6 tunneling to bypass traditional firewalls.
- Wireshark analysis revealed suspicious remote server calls to an IP traced to Delhi (possibly spoofed).
5. Digital Signature Fraud
- The app carried a weak and fake digital signature, proving it wasn’t issued by any official or verified developer account.
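The permission findings in point 2 can be checked on any suspicious APK once its AndroidManifest.xml has been decoded (for example with JADX). The Python script below is an added example, not code from Rishav Anand's analysis; the sample manifest, the function names and the risk rule in verdict() are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups the article lists as requested by the fake "SBI" APK.
RISKY = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
    "android.permission.REQUEST_INSTALL_PACKAGES": "package-install",
}

def triage_manifest(manifest_xml):
    """Return {category: [evidence, ...]} for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for elem in root.iter():
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name", "")
            if name in RISKY:
                findings.setdefault(RISKY[name], []).append(name)
        elif elem.tag == "service":
            # VPN use shows up as a service guarded by BIND_VPN_SERVICE, not a uses-permission.
            if elem.get(ANDROID_NS + "permission") == "android.permission.BIND_VPN_SERVICE":
                findings.setdefault("vpn", []).append(elem.get(ANDROID_NS + "name", "?"))
    return findings

def verdict(findings):
    """Assumed rule: SMS access paired with VPN or side-loading rights is high risk."""
    if "sms" in findings and ({"vpn", "package-install"} & findings.keys()):
        return "high"
    return "review" if findings else "low"

# Constructed sample manifest (not taken from the analysed APK).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".TunnelService" android:permission="android.permission.BIND_VPN_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    found = triage_manifest(SAMPLE)
    print(verdict(found), found)
```

A banking app has no legitimate reason to combine SMS reading with a VPN service and the right to install other packages, which is why that combination is rated highest here.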
Why This Scam Is So Dangerous
Unlike typical phishing scams, this malware operates at the system level, granting hackers complete access once installed. It can:
- Steal SMS OTPs to bypass two-factor authentication.
- Intercept all banking notifications.
- Record keystrokes and app activities.
- Use VPN tunnels to transfer your money silently.
- Send messages automatically from your WhatsApp to further spread the scam.
This level of sophistication indicates a coordinated cybercrime operation, possibly involving skilled developers working behind the scenes.
How to Identify and Avoid Similar Banking Scams
1. Verify Before You Click
No bank, including SBI, sends APK files via WhatsApp, SMS, or Telegram. Always visit official websites or apps (Google Play Store only).
2. Check File Extensions
If a file ends with .apk and is sent outside the Play Store, do not install it.
3. Watch for Permissions
During installation, if an app asks for unusual permissions like VPN access or SMS control, cancel immediately.
4. Use Verified Security Tools
Install reliable antivirus software and scan your phone regularly.
5. Report Suspicious Messages
Forward such scam messages to cybercrime@nic.in or report on https://cybercrime.gov.in.
Legal Case Can Be Filed
Victims of this scam can take multiple legal routes for justice and prevention:
| Applicable Law / Authority | Legal Basis |
|---|---|
| Information Technology Act, 2000 | For unauthorized access and theft of personal data. |
| Indian Penal Code, Sections 420 & 468 | For fraud, cheating, and forgery using digital means. |
| Cybercrime Cell (MHA) | For lodging FIRs against unknown cybercriminals. |
| RBI Ombudsman | If the scam leads to unauthorized bank transactions. |
| Consumer Protection Act, 2019 | For deficiency in service if the bank fails to assist in recovery. |
Step-by-Step Guide to Report a Cyber Banking Scam
Step 1: Report on Cybercrime Portal
Visit https://cybercrime.gov.in → Click Report Other Cyber Crimes → Select Online Financial Fraud.
Step 2: Inform Your Bank Immediately
Contact your bank’s fraud reporting department within 24 hours.
Email Example for SBI: epg.cms@sbi.co.in
Step 3: File FIR (Offline)
Visit your nearest Cyber Police Station and submit all evidence — screenshots, messages, and transaction details.
Step 4: Escalate to RBI Ombudsman
File an escalation on https://cms.rbi.org.in if your bank fails to respond.
Pre-Drafted FIR / Complaint Template
Subject: Fraudulent WhatsApp Message Posing as SBI – Malicious APK Installation Attempt
Dear Sir/Madam,
I received a WhatsApp message claiming to be from State Bank of India (SBI) asking me to update my Aadhaar using an attached APK file. Upon investigation, it was identified as malware attempting to steal my banking credentials.
I request you to register an FIR under relevant sections of the IT Act (2000) and IPC 420/468 against the unknown perpetrators.
Regards,
[Your Name]
[City, Contact]
How Choice4Voice.com Can Help in Cyber Banking Scams
Choice4Voice.com is committed to supporting victims of digital and financial frauds by:
- Publishing verified scam reports to increase public and regulatory awareness.
- Helping users draft FIRs, Ombudsman complaints, and cyber reports correctly.
- Collaborating with cybersecurity professionals like Rishav Anand to educate consumers on new threats.
- Ensuring complaints reach the right law enforcement and financial authorities for swift action.
If you’ve experienced a similar scam, report your case on Choice4Voice.com to make your voice heard.
About the Expert – Author Section
Rishav Anand is an award-winning cybersecurity researcher specializing in Web, Mobile, Cloud, and IoT VAPT, with expertise in Red Team operations, bug bounty hunting, and DevSecOps.
He is a 4x National Hackathon Winner, CTF Player, and a Cybersecurity Trainer, known for analyzing real-world digital threats. His awareness post on the fake SBI scam serves as a crucial warning for every Indian smartphone user.
Questions About the SBI WhatsApp Scam
Q1. What is the new SBI WhatsApp scam?
It’s a fake message asking users to update Aadhaar through an APK file that installs malware.
Q2. Can banks send APK files via WhatsApp?
No, legitimate banks never send APKs or app links through WhatsApp.
Q3. What happens if you install the fake SBI APK?
Hackers can gain access to your phone, steal SMS OTPs, and make unauthorized transactions.
Q4. How can I check if my phone is infected?
Use antivirus or scan with Google Play Protect and tools like Malwarebytes Mobile Security.
Q5. What is control flow obfuscation?
It’s a technique used by hackers to hide real code logic and evade security tools.
Q6. What should I do immediately if I installed the file?
Disconnect from the internet, reset the phone, and contact your bank to block accounts.
Q7. Can SBI help recover stolen money?
You can file an official complaint; the bank coordinates with cyber police for recovery.
Q8. Where do I report cyber scams in India?
Visit https://cybercrime.gov.in or your nearest cyber police station.
Q9. What tools did Rishav use for analysis?
JADX, Android Studio, Logcat, MobSF, and Wireshark.
Q10. Why was the server traced to Delhi?
It might be spoofed; attackers often hide their real locations.
Q11. Can such malware affect iPhones?
This specific APK targets Android systems only.
Q12. What permissions make an app suspicious?
Access to SMS, contacts, storage, VPN, or package installation.
Q13. Can antivirus detect this malware?
Some antivirus tools may miss it due to its heavy obfuscation.
Q14. Is this scam targeting only SBI customers?
No, similar campaigns may use other bank names like HDFC, ICICI, or Axis.
Q15. Can developers be involved in such scams?
Possibly, as per Rishav’s analysis, due to high sophistication.
Q16. How to protect elderly users from these scams?
Educate them to never click unknown links or install external files.
Q17. What legal action can be taken?
FIR under IT Act, IPC 420/468, and cybercrime reporting.
Q18. Can malware steal passwords from other apps?
Yes, if permissions are granted, it can monitor inputs across apps.
Q19. How to verify an official SBI update?
Check https://sbi.co.in or contact official helpline emails only.
Q20. How can Choice4Voice.com help victims?
By guiding victims in legal filings and exposing fraudulent campaigns publicly.
Final Note:
Choice4Voice.com urges every Indian smartphone user to stay alert and verify all messages claiming to be from banks.
Experts like Rishav Anand play a vital role in protecting public interest by exposing such advanced scams before they cause mass damage.