MP Police bust inter-state cyber gang in APK and eSIM fraud
Madhya Pradesh Police has busted an inter-state cyber fraud gang that stole money from bank accounts using malicious APK files and eSIM swapping, officials confirmed on Tuesday, 12 May. Two accused were arrested after a covert four-day surveillance operation in Jharkhand, marking a significant strike against a growing category of mobile-based financial fraud.
The Arrests
The accused — Umesh Das (30) and Uttam Kumar Das (23), both residents of Madhupur in Deoghar district, Jharkhand — were arrested on 7 May during a late-night raid and brought to Madhya Pradesh on 11 May. Mobile phones, ATM cards, and bank passbooks allegedly used in the crime were seized from the duo.
How the Fraud Worked
According to police, the gang sent APK files — malicious Android application packages — through social media platforms and messaging applications. Once victims installed these files and granted permissions, the fraudsters gained remote access to SMS messages, one-time passwords (OTPs), banking alerts, and contact lists stored on the victims' devices.
The gang then generated eSIMs linked to the victims' mobile numbers, rerouting all banking OTPs and alerts directly to themselves. This effectively locked victims out of their own financial communications while giving the accused full transactional control.
The Victim and the Complaint
Chhotelal Kushwah (45), a resident of Doomar village under Banakhedi police station limits in Narmadapuram district, filed a complaint on 17 March stating that ₹3,09,917 had been fraudulently withdrawn from his bank account. The accused had allegedly gained remote access to his phone and diverted his banking credentials through eSIM activation.
The Investigation
Following the complaint, a Special Investigation Team (SIT) was formed under the supervision of Narmadapuram Superintendent of Police Sai Krishna S. Thota. A technical probe led the team to Jharkhand, where officers arrived on 2 May and conducted covert surveillance for four consecutive days.
Point of View
Fraudsters neutralise OTP-based security entirely — a vulnerability that neither banks nor telecom operators have adequately communicated to rural users. The fact that the victim was a villager in Narmadapuram and the perpetrators operated from Jharkhand underscores the geographic asymmetry of cybercrime in India: the fraud is borderless, but awareness and digital literacy remain deeply uneven. Law enforcement's covert surveillance response was commendable, but the systemic fix requires banks to mandate real-time eSIM change alerts and telecom operators to enforce stricter identity verification before eSIM issuance.
NationPress
28 Jun 2026
Frequently Asked Questions
What is the APK and eSIM fraud busted by Madhya Pradesh Police?
It is a mobile-based cyber fraud scheme in which criminals sent malicious APK files to victims, gained remote access to their phones, and then generated eSIMs linked to the victims' numbers to intercept banking OTPs and alerts. MP Police arrested two accused from Jharkhand's Deoghar district in connection with the scam.
Who were the accused arrested in the MP cyber fraud case?
The two accused are Umesh Das (30) and Uttam Kumar Das (23), both residents of Madhupur in Deoghar district, Jharkhand. They were arrested on 7 May following a four-day covert surveillance operation and brought to Madhya Pradesh on 11 May.
How much money was stolen in the Narmadapuram cyber fraud case?
According to police, the accused duped Chhotelal Kushwah, a villager from Doomar village in Narmadapuram district, of ₹3,09,917 by rerouting his banking OTPs through an eSIM they had fraudulently generated.
How can people protect themselves from APK file and eSIM swap fraud?
Police advise never installing APK files from unknown sources or clicking on suspicious links. If your mobile network suddenly stops working or you receive an unauthorised eSIM activation alert, contact your bank and mobile operator immediately to block any fraudulent transactions.
What is eSIM swapping fraud and why is it dangerous?
eSIM swapping is a fraud where criminals generate a digital SIM (eSIM) linked to a victim's mobile number, causing all calls, SMS, and banking OTPs to be routed to the fraudster's device. Combined with remote device access via malicious APK files, it allows criminals to bypass two-factor authentication entirely.
