WhatsApp or SMS from "your bank" tells you to install a KYC update app that silently drains your account
A WhatsApp or SMS appears to be from your bank saying KYC is pending, with a link to install an APK. The app silently steals OTPs, card PINs, and Aadhaar, then empties your account — no phone call needed.
Also known as: fake bank KYC APK, KYCShadow malware, banking trojan WhatsApp, BOI PAN Card APK scam, fake KYC update app fraud
Already happened to you? Do this in the next few minutes
Call 1930 now- 1 Call 1930 — the national cyber-crime helpline — right now. The sooner you report, the better the chance of freezing the money before it moves.
- 2 Call your bank to freeze the account and block the card immediately. Use the number printed on your card, never a number from the message or caller.
- 3 File a report at cybercrime.gov.in and keep every message, screenshot, and transaction ID.
- ! If you installed any "support", "server", "refund", or remote-access app at their request (AnyDesk, TeamViewer, Quick Support, etc.): disconnect the internet now, then run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
What to do right now
- 1 Never install any .apk file received via WhatsApp or SMS — real KYC updates use the official bank app from the Play Store or a branch visit
- 2 If you already installed the app: immediately remove your SIM card and call your bank from a different phone to freeze your account and block UPI
- 3 Factory-reset your Android device to eliminate the malware; do not re-insert your SIM until the reset is complete
- 4 After the reset, change all banking PINs and passwords from a clean device and re-enable 2FA
- 5 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
- 6 Report at https://cybercrime.gov.in or call 1930 (national cyber helpline).
Was remote-access software installed?
If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.
Run SeraphSecure to detect and remove it →Red flags
- ⚠ Your bank will never send an APK (.apk file) on WhatsApp or SMS — real KYC is done in the bank's official app or at a branch
- ⚠ The message creates urgency: 'account will be blocked in 24 hours if KYC is not updated'
- ⚠ The app asks for Aadhaar number, PAN, ATM PIN, and OTP in sequence — real bank apps never collect your ATM PIN this way
- ⚠ After installing, you receive OTP alerts for transactions you did not initiate
- ⚠ The sending number is a regular mobile number, not the bank's official SMS short code or verified WhatsApp Business account
Known variants
-
Fake RBI account suspension APK (June 2026): WhatsApp message impersonating RBI claims 'risk control measures' flagged your account, attaches an APK, demands installation within 3 days to avoid restrictions. RBI only contacts users via two verified blue-tick numbers (99309 91935, 99990 41935). PIB Fact Check warned June 11, 2026.
Last seen: 6/13/2026
-
Fake PM Kisan / PM Awas Yojana APK: WhatsApp or Telegram message claims installing 'PM KISAN.apk' or 'PM Awas.apk' delivers the next ₹6,000 instalment or confirms housing. APK steals OTPs and banking credentials like the KYC variant and self-propagates to all contacts. Nagaland Police and MP Cyber Cell both warned.
Last seen: 6/11/2026
Sources
- CYFIRMA — KYCShadow Android Banking Malware Exploiting Fake KYC Workflows (April 2026)
- Bizzbuzz News — Fake KYC app dupes Ahmedabad woman out of ₹7.46 lakh (May 2026)
- GBHackers — Fake KYC Android Malware Spreads via WhatsApp to Hijack Bank Accounts
- The420.in — Cyber Fraudsters Use Fake Bank KYC Update to Steal Lakhs
- RTI Wiki — Fake KYC Update Scam India: How to Detect, Block, and Recover (2026)
- The420.in — Cyber Trap in the Name of PM-KISAN: Fake APK Links Used to Drain Bank Accounts
- Free Press Journal — MP Cyber Alert: Fake PM Awas, PM Kisan APK Files Are New Fraud Bait
- Newsonair — Nagaland Police issues alert on malicious PM Kisan Yojana APK file circulating across state
- ANI / PIB Fact Check — RBI did not send account suspension notices via APK files on WhatsApp (June 11, 2026)