As New Year celebrations get underway, cybercriminals have unleashed a new WhatsApp scam that is spreading rapidly, using festive greetings to trap unsuspecting users. Cyber experts warn that even clicking on what appears to be an innocent “Happy New Year” message can lead to malware installation and financial loss within hours.
According to cybersecurity professionals, the scam typically begins with a message — either from an unknown number or a hacked contact — asking users to download an attached file to view a New Year greeting card, image or video. The attachment is usually an APK (Android Package Kit) file disguised as a holiday wish. Once installed, the file quietly installs trojan malware that can take control of the phone, exposing personal data and banking applications.
Experts explain that a single click on the malicious file is enough to grant fraudsters remote access to the device. Soon after installation, victims have reported unusual phone behaviour, including apps opening on their own, access to contacts and messages, and in serious cases, unauthorised transactions through UPI apps or bank accounts.
The cybercrime police in Hyderabad have issued a public alert, cautioning users against downloading or installing APK files received via WhatsApp, SMS or email. Officials noted that fraudsters often exploit festive seasons, when people are less cautious and more likely to click on links or files sent with greetings.
An APK file is the format used to install applications on Android devices. Legitimate apps are typically downloaded through the Google Play Store, while APK files received through messages or links involve “sideloading,” which carries significant security risks. Unknown APK files can contain malware designed to steal sensitive information or money.
Cyber experts advise users to remain vigilant and watch out for common red flags, including messages that create urgency or excitement, promise gifts or rewards, contain spelling errors, unsafe links, unfamiliar senders, or requests for OTPs, PINs or bank details. Genuine organisations, they emphasise, never ask for such information.
With digital fraud on the rise, authorities stress that awareness remains the strongest defence. Users are urged not to download files from unknown sources or install APKs received via messages, and to stay cautious online to avoid turning festive cheer into financial distress.
👉 Click here to read the latest Gujarat news on TheLiveAhmedabad.com