🚨 Cyber Scam Alert: Fake mParivahan App Draining Bank Accounts Across India

Nivas KanniahNivas Kanniah
4 min read

A serious cyber threat is making the rounds in India, especially across Tamil Nadu and Kerala. It’s not a virus on your computer, not some deep web mystery — it’s right inside your phone, and it’s stealing money from unsuspecting users like wildfire.

In this article, I want to break down what the scam is, how it works, real impact on victims, and more importantly — how to protect yourself and your loved ones.


📲 What’s Happening?

Scammers are sending fake WhatsApp messages that look like official traffic violation alerts. The message usually says:

“You have a pending traffic fine. Download the app to check details.”
And then they give a file called: mParivahan.apk

This is where the trap begins.


❌ This Is NOT the Real mParivahan App

Let me be clear:
The official mParivahan app from the Ministry of Road Transport and Highways (MoRTH), Government of India, is available only on the Google Play Store and Apple App Store.

The .apk file being circulated on WhatsApp is a fake, created by cybercriminals. It’s filled with malware and spyware.

This rogue app doesn’t just display fake fines — it quietly takes control of your phone, monitors your messages, and eventually steals your money.


🧠 How This Scam Works (Step-by-Step Breakdown)

  1. Social Engineering:
    You receive a WhatsApp message that triggers fear or urgency — like a government fine.

  2. Malicious APK:
    The message links to an .apk file. You download it, thinking it’s an official app.

  3. Permissions Trap:
    During installation, the app asks for permissions like:

    • SMS access (to read OTPs)

    • Accessibility access (to control your device)

    • Internet access (to exfiltrate data)

  4. Bank Account Compromise:
    Once installed, the app:

    • Reads your bank OTPs silently

    • Opens and interacts with banking apps without your knowledge

    • Transfers money out of your account


📉 Real Victims, Real Losses

As of recent reports, more than 575 people have lost money to this scam. Some lost small amounts, others lost their entire life savings.

What’s scary?
Many didn’t even realize the money was gone until it was too late. The malware works quietly, without triggering usual bank fraud alerts.

This isn’t just about one fake app. It’s about a growing trend where fake government apps are being used to:

  • Steal identity

  • Gain remote access

  • Break 2FA security

  • Drain financial accounts


🔐 How to Protect Yourself (And Your Family)

This part is critical — especially for non-tech users, elders, or anyone new to smartphones.

✅ DO:

  • Only install apps from Google Play Store or Apple App Store

  • Double-check any message claiming to be from a government source

  • Enable two-factor authentication (2FA) for all bank and email accounts

  • Educate elders and non-technical users around you

  • Report such messages to cybercrime.gov.in or local police cyber cells

❌ DON’T:

  • Don’t download .apk files from unknown sources

  • Don’t believe every WhatsApp message — verify it independently

  • Don’t give accessibility or SMS permissions to unknown apps

  • Don’t ignore strange activity on your phone or bank app


📣 Spread the Word — Awareness is Your Best Firewall

We’re living in an age where scams evolve faster than security patches.

And let’s be honest — not everyone around us is tech-savvy. Our parents, relatives, and even college-educated peers may not think twice before clicking a link that looks "official."

So I urge you:

🔁 Forward this article
📲 Explain it to someone non-technical
👨‍👩‍👧‍👦 Talk to your family about fake apps and phone safety
🗣️ Discuss these scams openly in your community


🧠 Final Thoughts from a Cybersecurity Learner

I’m still learning the ropes in cybersecurity — but this much is clear:

Cybersecurity isn’t only about firewalls or complex algorithms.
It’s about awareness, vigilance, and community defense.

The next time someone sends you an APK over WhatsApp, ask yourself:
“Would the Government really send files this way?”
(Answer: No. Never.)

Let’s not be the easy target these scammers are hoping for.

Stay alert. Stay safe.
Nivas Kanniah

0
Subscribe to my newsletter

Read articles from Nivas Kanniah directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Nivas Kanniah
Nivas Kanniah

I’m Nivas Kanniah, a Technical Support Professional currently working on the National e-Vidhan Application (NeVA) project for the Puducherry Legislative Assembly, under Nimbus Systems Pvt Ltd. With a strong foundation in IT support, I specialize in on-site troubleshooting, user assistance, and system optimization in government-led digital transformation initiatives. 👨‍💼 Professional Experience 🚀 Nimbus Systems Pvt Ltd (Jan 2025 – Present) Role: Technical Support Professional Location: Puducherry, India (On-site) While my official designation centres on technical support, I have taken on multiple cross-functional responsibilities: 📊 Analyst (since Mar 2025): Analyse operational reports and system performance. 🖥 NeVA Module Trainer: Deliver internal training on module functionalities. 🧠 Team Skill Developer: Conduct knowledge-sharing sessions. 🛠 Technical Issue Resolver: Handle escalations with core development teams. I actively contribute to the Digital India mission by ensuring efficient deployment and adoption of NeVA modules in legislative operations. 🛠 Lenovo (Nov 2022 – Internship) Gained first-hand exposure to lean manufacturing, quality control, and industrial workflow during a short internship at Lenovo’s production unit in Puducherry. 🎓 Education 🎓 B.Tech in Computer Science and Engineering Manakula Vinayagar Institute of Technology (2020 – 2024) Graduated with First Class. College Chairperson, Climate Change Wing – Young Indians (Yi) Participated in sustainability initiatives and innovation challenges. 🔐 Cybersecurity Pathway 🛡 Government-Certified Cybersecurity Training (Jun 2025 – Jul 2025) Offered by NIELIT (Ministry of Electronics & IT) Hands-on learning in: Threat analysis Vulnerability scanning Ethical hacking fundamentals Network and system security 📌 What Drives Me I’m passionate about digital transformation, operational excellence, and bridging the gap between complex IT systems and end-user needs. Currently transitioning into cybersecurity and IT infrastructure roles, I’m committed to continuous learning, hands-on application, and community contribution. Let’s connect and grow together in this ever-evolving digital world!