Delhi Cyber Police arrest two from Jharkhand in ₹10.52 lakh KYC fraud
Synopsis
A 65-year-old Delhi man lost over ₹10.52 lakh after a fake KYC WhatsApp call tricked him into installing a malicious APK file. Delhi's Cyber Police tracked the trail to Jharkhand, arresting two young men from Dhanbad — and finding five more NCRP fraud complaints linked to their seized phones.
Key Takeaways
Delhi Cyber Police, North-East District , arrested two accused — Amarnath Rabidas, 20 , and Bikash Rabidas, 21 — both from Dhanbad, Jharkhand .
Victim Rakesh Kumar , 65, of Meet Nagar, Delhi , lost ₹10,52,938 after downloading a malicious APK file sent via a fake KYC WhatsApp call on 25 April 2026 .
00095/26 was registered on 26 April 2026 under multiple sections of the Bharatiya Nyaya Sanhita (BNS) . ₹2,05,000 of the defrauded amount has been frozen in a separate bank account.
Five additional NCRP complaints were found linked to mobile phones seized from the accused.
Four mobile phones in total were recovered; investigation is ongoing.
Delhi Police's Cyber Police Station, North-East District, has arrested two men from Jharkhand in connection with a ₹10,52,938 cyber fraud case, in which a 65-year-old Delhi resident was duped through a malicious APK file sent via a WhatsApp call. The arrests mark the successful resolution of a case that had drawn attention for its use of a fake KYC-update ruse to drain multiple bank accounts.
How the Fraud Unfolded
The complainant, Rakesh Kumar, a resident of Meet Nagar in the national capital, received a WhatsApp call on 25 April 2026 from an unknown individual who claimed his KYC details needed to be updated. The caller instructed Kumar to download a file. Once the file — a malicious APK — was installed on his device, a total of ₹10,52,938 was fraudulently withdrawn from his bank accounts through a series of unauthorised transactions.
An E-FIR (No. 00095/26, dated 26 April 2026) was subsequently registered at the Cyber Police Station, North-East District, under Sections 318(4), 319, 340, and 61(2) of the Bharatiya Nyaya Sanhita (BNS).
The Investigation and Arrests
A specialised team led by Inspector Rahul Kumar, SHO/Cyber NE, along with SI Talwinder Singh, Head Constables Ankit, Nitin, Amit, and Rohan, and Constable Saurabh, operated under the supervision of ACP OPS/NED Satyendra Kumar Singh. The team gathered technical and digital evidence from multiple sources before tracing the first accused to Dhanbad district, Jharkhand.
The first accused, Amarnath Rabidas, 20, was arrested, and three mobile phones were recovered from his possession. During sustained interrogation, he disclosed the involvement of an associate, leading to the arrest of Bikash Rabidas, 21, from whom an additional mobile phone was seized.
Modus Operandi
Both accused allegedly confessed to carrying out the fraud using malicious APK files, which, once downloaded by the victim, gave the perpetrators access to banking credentials and enabled unauthorised transactions. The defrauded amount was routed through multiple bank accounts, with a portion withdrawn via ATMs.
Investigators found that five other NCRP complaints were linked to the mobile phones recovered from the two accused, suggesting a broader pattern of cybercrime activity.
Recovery and Further Investigation
Police have so far managed to freeze ₹2,05,000 of the defrauded amount in a separate bank account. Four mobile phones in total were recovered from the accused. Further investigation into the case, including potential links to additional fraud complaints, is currently underway.
This case follows a broader national trend of APK-based cyber frauds, in which criminals impersonate bank officials or government agencies to trick victims into installing malware-laced files. Authorities have repeatedly cautioned citizens against downloading files from unknown callers, particularly those claiming to assist with KYC or account verification processes.
Point of View
And this case suggests the model has spread to neighbouring districts. What stands out here is the shift from voice-based vishing to APK-file deployment, a more technically sophisticated attack vector that gives criminals persistent access to a victim's device rather than a one-time transaction. The fact that five additional NCRP complaints were linked to the same phones suggests these two men were not lone operators. The ₹2.05 lakh freeze on a total loss of ₹10.52 lakh — less than 20% recovered — also underscores how quickly defrauded funds are dispersed across layered accounts, a structural challenge that law enforcement continues to struggle with despite faster FIR registration under the new BNS framework.
NationPress
28 Jun 2026
Frequently Asked Questions
How did the Delhi cyber fraud involving ₹10.52 lakh happen?
A 65-year-old Delhi resident, Rakesh Kumar, received a WhatsApp call on 25 April 2026 from an unknown person claiming to help update his KYC details. He was instructed to download a file; once installed, the malicious APK enabled fraudsters to drain ₹10,52,938 from his bank accounts through unauthorised transactions.
Who were the accused arrested in this case?
Delhi Police arrested Amarnath Rabidas, 20, and Bikash Rabidas, 21, both residents of Dhanbad district in Jharkhand. Four mobile phones were recovered from them, and five additional NCRP fraud complaints were found linked to their seized devices.
How much money has been recovered so far?
Police have frozen ₹2,05,000 of the defrauded amount in a separate bank account. The total fraud amount was ₹10,52,938, meaning the bulk of the money remains under investigation.
What is an APK file fraud and how can people protect themselves?
An APK (Android Package Kit) file is an app installation file for Android devices. Cybercriminals send malicious APK files disguised as legitimate tools — in this case, a fake KYC update — to gain remote access to a victim's phone and banking apps. Citizens are advised never to download files from unknown callers and to contact their bank directly for any KYC-related queries.
Under which laws were the accused charged?
The case was registered under Sections 318(4), 319, 340, and 61(2) of the Bharatiya Nyaya Sanhita (BNS) at the Cyber Police Station, North-East District, Delhi, via E-FIR No. 00095/26 dated 26 April 2026.
