Attention! Fake DigiLocker apps can drain your bank accounts
What's the story
Security researchers have flagged the re-emergence of fake DigiLocker apps on the Google Play Store. These malicious applications disguise themselves as official government services, tricking users into downloading them. Once installed, they can access sensitive information stored on smartphones and even siphon off money from bank accounts. The fraudulent apps mimic official branding and request suspicious permissions like SMS access and screen recording capabilities.
Modus operandi
How do these fake apps operate?
The fraudulent apps start by asking for permissions that are unnecessary for a document app, like access to SMS and calls. They then prompt users to "verify" their identity using Aadhaar, PAN, or phone number. Once this information is provided, the apps can read OTP messages or even record what you type on your screen. In some cases, users have been redirected to fake UPI or banking pages that look almost identical to the real ones.
Trust exploitation
Why are these scams so effective?
The effectiveness of these scams lies in the trust people have in DigiLocker, a real and widely-used government service. Many users don't approach it with suspicion, making them more vulnerable to such attacks. Often, people only realize something is wrong when they see an unrecognized debit in their bank app. To avoid falling victim to these scams, users should always check the developer's name and look for slight discrepancies in app names or email addresses that don't look official.
Immediate action
What to do if you have installed a fake app?
If you suspect you have installed one of these fake apps, don't open it again. Instead, switch off your internet connection and uninstall the app. Check your bank and UPI apps immediately for any unauthorized transactions. Also, change your passwords from another device and report the incident to your bank as soon as possible. If money has been stolen, file a complaint on the cybercrime portal for further investigation.