Gujarat Police bust APK fraud gang with Jamtara links, 3 arrested

Synopsis

A Jharkhand developer allegedly ran a ₹40–50 lakh-a-month malware subscription service, selling fake-bank APK files to 300–400 clients monthly via a Telegram bot — until Ahmedabad police tracked him down on a moving train by a tattoo on his hand. The bust exposes a new exploitation of SBI's YONO Cash service that let fraudsters drain accounts from any state at ATMs across the country.

Key Takeaways

Ahmedabad Cyber Crime Branch arrested three accused on 25 June linked to a Jharkhand-based APK fraud network.
Alleged developer Purnanand alias Mukesh Tiwari, 28, of Giridih, Jharkhand, was caught on a moving train near Kishanganj with RPF assistance.
The network reportedly earned ₹40 lakh to ₹50 lakh per month by selling malicious APK subscriptions at ₹12,000/month to 300–400 clients.
Fake APKs impersonated at least 18 banks, RTO e-challan systems, electricity services, and other trusted entities.
Police uncovered a new misuse of SBI's YONO Cash cardless ATM facility to move fraud proceeds across states.
The gang is linked to 12 cyber complaints and 5 FIRs in Ahmedabad, with total alleged fraud of nearly ₹70 lakh.

The Ahmedabad Cyber Crime Branch on Thursday, 25 June arrested three alleged members of a Jharkhand-based cyber fraud network accused of developing and distributing malicious Android Application Package (APK) files that enabled criminals to hijack mobile phones and siphon money from bank accounts across India. The operation exposed a sophisticated subscription-based malware marketplace reportedly generating between ₹40 lakh and ₹50 lakh per month.

How the Fraud Operated

The case was triggered when Naresh Sabnani, a resident of the Hansol area in Ahmedabad, received a WhatsApp message falsely claiming to be from Sabarmati Gas Limited, warning that his gas connection would be cut unless he updated a pending bill. The message directed him to download an application named 'Sabarmati Gas Bill Update.apk'. After installing the file, Sabnani's phone was compromised and ₹6,68,914 was withdrawn from his HDFC Bank account through a series of fraudulent transactions. He subsequently filed a complaint with the 1930 Cyber Helpline and the Cyber Crime Police Station.

Once installed, the malicious applications gained unauthorised access to SMS messages, contacts, call logs, notifications, and banking credentials — enabling fraudsters to intercept OTPs, capture login details, and conduct remote banking transactions. Investigators also found that the APK files were designed to self-propagate: after infecting a device, the file was automatically forwarded to all WhatsApp and Telegram contacts of the victim, functioning, according to police, 'like a chain reaction.'

The Accused and Their Roles

The alleged primary developer, Purnanand alias Mukesh Tiwari, 28, of Giridih district, Jharkhand, was apprehended from a moving train near Kishanganj with the assistance of the Railway Protection Force (RPF). According to police, Tiwari had fled Mumbai upon learning that investigators had arrived there in search of him, and was identified by a tattoo on his hand. Two associates — Vikas Das, 33, and Sitaram Nakul Mandal, 26 — were also arrested. All three are from the Giridih-Jamtara belt of Jharkhand and reportedly knew each other personally.

Investigators said Tiwari allegedly developed the APK tools and operated a Telegram bot through which the malware was marketed to other cybercriminals. The bot offered options including 'Download APK File', 'Purchase New APKs', and 'Renew Existing APKs'. Tiwari reportedly sold subscriptions at ₹12,000 per month, serving between 300 and 400 clients monthly. Templates impersonated at least 18 banks — including SBI, Bank of India, Bank of Baroda, Axis Bank, and IndusInd Bank — as well as RTO e-challan systems, electricity services, and even wedding invitations.

Vikas Das allegedly acted as a distributor, collecting payments via SBI's YONO Cash cardless ATM withdrawal facility and physically delivering the proceeds to Tiwari, retaining a commission of ₹3,000 per transaction. Sitaram Mandal reportedly supplied APK files to other fraudsters and arranged debit and credit card details used to move fraud proceeds.

A New Misuse of SBI YONO Cash

Police highlighted what they described as a previously undocumented exploitation of SBI's YONO Cash service, which permits ATM withdrawals without a physical debit card. Investigators said this allowed fraudsters to withdraw money from accounts held anywhere in India — including Assam and Guwahati — at ATMs in cities such as Surat, making the trail harder to trace. 'Even if an account belonged to someone in Assam or Guwahati, money could be withdrawn in Surat,' a senior official said.

Scale of the Operation

The Ahmedabad Cyber Crime Branch has so far linked the gang to 12 complaints on the National Cyber Crime Reporting Portal and 5 FIRs in Ahmedabad, with alleged fraud totalling nearly ₹70 lakh. Individual victim losses ranged from approximately ₹5.19 lakh to ₹15 lakh. The case was registered under Sections 319(2), 318(4), 61(2)(A), and 54 of the Bharatiya Nyaya Sanhita, 2023, and Sections 66(C), 66(D), 43, and 66 of the Information Technology Act.

All three accused have prior cybercrime records. Tiwari had allegedly been arrested twice previously in electricity bill fraud cases in the Jamtara belt before graduating to APK-based tools in August 2025. Das is reportedly wanted in two cybercrime cases in Prayagraj, Uttar Pradesh, while Tiwari and Mandal face multiple cases in Giridih. Investigators believe the gang's APK files were used in frauds across several states and say the full scale of the operation is still being determined.

Police Advisory to the Public

Senior officials urged citizens to install applications only from official app stores, never download APK files received via WhatsApp, social media, or SMS from unknown sources, and to immediately call 1930 or approach the nearest police station if a suspicious file has already been downloaded. 'An APK file can appear in the name of a wedding invitation, an RTO notice, a bank service or any other trusted service. The identifying feature is the .apk extension,' an official said. As investigations continue, police say they expect to identify further members of the network and map its reach across states.

Point of View

Complete with a Telegram storefront and monthly renewal plans. The Jamtara belt has long been India's cybercrime nursery, but the pivot from OTP-based voice fraud to sophisticated APK tools marks a clear capability upgrade. What is underreported is the YONO Cash angle — a legitimate banking convenience feature now weaponised for cardless, cross-state money mules. If this exploitation is as widespread as investigators suggest, it warrants a systemic response from SBI and the RBI, not just police action at the edges.
NationPress
25 Jun 2026

Frequently Asked Questions

What is APK fraud and how does it work?
APK fraud involves sending victims a malicious Android Application Package (.apk) file disguised as a trusted service — such as a bank KYC update, electricity bill payment, or even a wedding invitation. Once downloaded, the app gains access to SMS messages, OTPs, banking credentials, and contacts, allowing fraudsters to conduct unauthorised transactions and forward the malware to the victim's contacts automatically.

Who were the three accused arrested by Ahmedabad Cyber Crime Branch?
The three arrested are Purnanand alias Mukesh Tiwari (28), the alleged APK developer from Giridih, Jharkhand; Vikas Das (33), who allegedly distributed APK files and handled cash via SBI YONO Cash; and Sitaram Nakul Mandal (26), who reportedly supplied APK files to other fraudsters and arranged card details for moving proceeds. All three are from the Giridih-Jamtara belt of Jharkhand.

How much money did the accused allegedly earn from the APK fraud operation?
According to police, the alleged developer sold APK subscriptions at ₹12,000 per month to between 300 and 400 clients monthly, generating an estimated ₹40 lakh to ₹50 lakh per month. The gang has been linked to total alleged fraud of nearly ₹70 lakh across 12 complaints and 5 FIRs in Ahmedabad alone.

How was SBI's YONO Cash service misused in this fraud?
Investigators found that fraudsters exploited SBI's YONO Cash facility — which allows ATM withdrawals without a physical debit card — to withdraw money from victims' accounts at ATMs in cities far from where the accounts were held. This allowed proceeds from accounts in states like Assam to be withdrawn in Surat, complicating the money trail.

What should people do if they have downloaded a suspicious APK file?
Police advise immediately calling the cybercrime helpline at 1930 or visiting the nearest police station. Citizens should only install apps from official app stores (Google Play Store or Apple App Store), never download .apk files received via WhatsApp, SMS, or social media from unknown sources, and never share OTPs or banking credentials with anyone.