Nagpur: What looks like a cheerful wedding invite arriving on a smartphone is increasingly turning into a digital trap for unsuspecting users. Cyber fraudsters have begun exploiting social emotions by circulating fake wedding invitations in the form of Android application files (APK), a tactic that has already affected several residents in Nagpur.
Unlike regular electronic invitations that come as images, videos or PDF files, these deceptive invites prompt recipients to download and install an application. Once installed, the file quietly compromises the device. Victims in the city have reported unusual phone behaviour, rapid exhaustion of mobile data and, in more serious cases, unauthorised withdrawals from bank accounts after opening such invitations.
Gold Rate
05 Jan 2026
Cyber security experts warn that APK-based wedding cards are fast emerging as one of the most dangerous entry points for malware on Android phones. Disguised under names such as WeddingCard.apk or Shaadi_Invite.apk, these files persuade users to manually allow installation from unknown sources. “The moment a user installs the APK, the phone’s built-in security layers are effectively bypassed,” an expert said.
The application initially appears harmless, but in the background it injects malicious code that grants attackers extensive control over the device. The malware typically seeks permissions that appear routine — access to messages, contacts, call logs, storage and overlays. The most critical among these is accessibility permission, which allows fraudsters to monitor on-screen activity, simulate user actions and intercept UPI and other financial transactions in real time.
In most cases, users unknowingly grant these permissions, believing the app is merely a digital invitation. Once active, the malware hides its icon, runs silently and connects to remote command servers. From there, sensitive information is siphoned off, including screen activity during banking transactions, while the phone continues to function normally, delaying suspicion.
Experts explained that the attack often unfolds in stages. The initial infection is followed by data theft and financial fraud, after which additional malicious components may be downloaded. In some cases, the final phase involves locking the phone or encrypting data and demanding a ransom. “By the time victims realise something is wrong, the damage is usually done,” the expert noted.
Investigating such cases remains difficult due to the use of offshore servers, proxy networks, temporary domains and cryptocurrency transactions. While international infrastructure is often used, authorities say several cases in India involve local operators coordinating with handlers abroad.
Confirming the trend, Deputy Commissioner of Police Lohit Matani, who heads the Nagpur Cyber Cell, said multiple complaints related to APK-based scams have been reported in the city. “The nature of cybercrime remains the same; only the techniques keep evolving. Early reporting is crucial in such cases,” he said while talking to a local daily.
Matani explained that once a complaint is received, cyber experts first focus on completely removing the malware from the affected device. “Only after that do we trace the financial trail and attempt recovery. Any delay drastically reduces the chances of getting the money back,” he added.
How the scam works
Cybercriminals have steadily moved away from fear-based tactics such as fake bank calls or account deactivation threats, as public awareness about such tricks has increased. The latest strategy relies on emotional appeal rather than intimidation.
In this method, victims receive a message or video link labelled “Wedding Invitation,” with the file ending in “.apk.” Although the sender’s number is often unknown, recipients assume it could be from a distant relative or acquaintance and download it to avoid missing a family occasion.
Once the file is opened, the phone may restart with modified settings. The malicious application then grants fraudsters covert access to the device, enabling them to extract messages, contact lists, photos, videos, banking and payment applications such as Paytm or Google Pay, and even social media accounts including WhatsApp, Facebook and Instagram. Personal documents stored on the phone, such as Aadhaar and PAN cards, are also misused for fraudulent activities.
Authorities have urged citizens to remain vigilant, avoid installing APK files received through messages or social media, and report suspicious activity immediately to prevent financial loss.
