Ahmedabad: We carry our whole world in our palms. Chats, bank apps, photos, passwords -- all handily located in our smartphones. But that convenience also makes it irresistible to criminals. The India Cyber Threat Report 2025 from the Data Security Council of India (DSCI) and Seqrite says smartphones are now the hottest target for cybercrooks, and Gujarat is among their favourite hunting grounds.

The biggest tool in a cybercriminal's kit today is the Android Application Package (APK) -- essentially an app installation file that can be downloaded outside the Play Store. These rogue APKs, once installed, can hijack phones, steal data, or drain bank accounts -- all with a single tap.

Aggressive malware

The most aggressive malware families currently preying on Gujarat's smartphones are RewardSteal, Anatsa (also known as TeaBot), and Rafel RAT. They all exploit user trust and phone permissions to steal data or money.

The report paints a sobering picture: 38.15 lakh malware detections were recorded in the state over the past year -- the fourth-highest tally in India. Of the 8.44 million devices monitored through Seqrite and Quick Heal antivirus software, one in every three showed signs of infection. Surat has emerged as India's malware capital, accounting for 14.6% of national detections and 69.3 threats per device. Ahmedabad, meanwhile, ranked seventh with 38.9 detections per device.

RewardSteal, an "infostealer" malware, spreads via WhatsApp or SMS messages that appear to be from banks or govt departments. Victims are often told they are due a reward or must pay a fine and are prompted to download an APK. Once installed, the app demands access to SMS messages, enabling it to intercept one-time passwords (OTPs) and banking notifications. The app then uploads the stolen data to a command-and-control (C2) server -- a remote system used by hackers to receive stolen data -- or to cloud services like Firebase, all while disguising its icon to avoid detection.

Tricked and tracked

Anatsa, a banking Trojan disguised as a PDF reader or QR scanner, abuses accessibility services (a feature meant for users with disabilities) to read the screen and log keystrokes. It can stream your display live, letting criminals watch you enter credentials. Its latest version includes remote access trojan (RAT) software that gives hackers full remote control of your phone and enables fake login screens to capture passwords.

Rafel RAT, used for espionage and ransomware, goes further. Once installed, it allows attackers to read call logs, messages, and even turn on the camera or lock files for ransom. It communicates covertly with its C2 server through encrypted channels or Telegram bots, making it almost impossible to trace.

According to DSCI, 702 potential attacks hit Indian devices every minute between Oct 2023 and Sep 2024. Trojans and file infectors now account for 68% of mobile incidents. Each succeeds not through complex code, but human error -- a careless tap that installs a fake app.

"No govt or bank will ever send you an APK link. Treat every unsolicited download request as a theft attempt," warns a senior CID (Crime) official.

Fake ChatGPT apps

A new report has warned that fake ChatGPT apps on Android are fast emerging as a major cyber scam. These apps pose as legitimate AI chat tools but request dangerous accessibility permissions which, once granted, allow them to hide their icon, run silently, read screen content, intercept messages, track location, and monitor calls.

Cybersecurity experts say attackers are now combining such malicious apps with sophisticated phishing kits that use ASN blacklists to block security firm traffic, device fingerprinting to evade detection, and content delivery networks (CDNs) to conceal real servers behind global systems. Many also deploy reverse proxies to mask their infrastructure, dynamic pages to generate fresh scam content, and geofencing to target specific regions.

The report outlines a three-step phishing workflow: criminals first steal login credentials and phone numbers, then harvest identity details and assess account balances, and finally display convincing fake pages or alerts to trick victims into making payments or approving transfers.

"Please avoid unknown APKs that land in your message apps and never grant accessibility or SMS permissions," adds the senior CID official.

EXPERT SESSION

TOI-NFSU's Hacked 2.0 expert session will be held at NFSU's IGH Hall in Gandhinagar at 4pm on Tuesday. The topic is 'IAS & IPS: High-value targets for phishing, forgery & social-engineered attacks'. Representatives of IAS and IPS cadres will be part of the event.
Hacked 2.0: It gets APPsolutely dangerous when crime goes mobile in Gujarat | Ahmedabad News - The Times of India
By Paul John