Fake gas company sends a WhatsApp APK for 'KYC update' that silently empties your bank
A caller posing as Bharat Gas, Indane, or HP Gas claims your gas KYC must be renewed, then sends a malicious APK via WhatsApp. Once installed, a RAT gives attackers full device control and drains your bank within minutes.
Also known as: gas KYC APK scam, LPG booking fraud, fake Bharat Gas WhatsApp scam, cylinder KYC update fraud
Already happened to you? Do this in the next few minutes
Call 1930 now- 1 Call 1930 — the national cyber-crime helpline — right now. The sooner you report, the better the chance of freezing the money before it moves.
- 2 Call your bank to freeze the account and block the card immediately. Use the number printed on your card, never a number from the message or caller.
- 3 File a report at cybercrime.gov.in and keep every message, screenshot, and transaction ID.
- ! If you installed any "support", "server", "refund", or remote-access app at their request (AnyDesk, TeamViewer, Quick Support, etc.): disconnect the internet now, then run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
What to do right now
- 1 Do not install any APK file received via WhatsApp or SMS from anyone claiming to represent a gas company
- 2 Verify your gas KYC status only through the official Bharat Gas, Indane, HP Gas, or Mahanagar Gas apps and websites
- 3 If you installed the APK: uninstall it immediately, change your UPI PIN and net-banking password from a different device, and call your bank's fraud line to freeze your account
- 4 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
- 5 Report at https://cybercrime.gov.in or call 1930 (national cyber helpline).
Was remote-access software installed?
If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.
Run SeraphSecure to detect and remove it →Red flags
- ⚠ Bharat Gas, Indane, HP Gas, and Mahanagar Gas never send APK files via WhatsApp or SMS for KYC updates
- ⚠ Threats of immediate gas disconnection within 24 hours are a pressure tactic — real disconnections require formal written notice
- ⚠ The APK requests Accessibility Services permission — a major red flag for any gas booking or KYC app
- ⚠ Money leaves your account without any UPI confirmation prompt or PIN entry from your side
Known variants
-
Mahanagar Gas Limited (MGL) bill-disconnect threat via SMS/WhatsApp: victim sent a fake MGL APK (installs a RAT) AND/OR tricked into dialling a USSD call-forwarding code (*21/*67) that routes all bank OTPs to the scammer. 100+ Mumbai/Karnataka victims in 30 days; ₹2.7 crore+ lost.
Last seen: 6/8/2026
Sources
- CyberSecurityNews — Indian Bank Warns Users of Fake LPG Payment and KYC Update Scams
- Hyderabad Police / PingTV — Urgent Warning Against Rising LPG Booking KYC Cyber Frauds
- NewsMeter — Gas KYC APK scam: Fake app can empty your bank account, warns Hyderabad CP Sajjanar
- Free Press Journal — Cyber Fraud in the Name of Gas Services Surges in Mumbai
- Kotak Bank — LPG Fraud Advisory
- The420.in — Fake Mahanagar Gas APK Scam Drains Bank Accounts Using Call Forwarding Tricks
- The Federal — Fraudsters dupe panic-hit gas customers in Mumbai, Karnataka of nearly Rs 3 crore