Overview
- GRP Mumbai and the Telangana Cyber Security Bureau with Hyderabad Police issued fresh alerts on Dec. 31 about rapidly spreading greetings posing as personalized cards or gifts.
- The messages push users to install an Android APK that deploys spyware with access to SMS and OTPs, contacts and notifications, remote control features, and in some cases automatic forwarding from the victim’s WhatsApp.
- Victims have reported abnormal device behavior followed by unauthorized UPI or banking app transactions, with some cases involving small, repeated debits to avoid quick detection.
- Authorities urge people not to click suspicious greetings or sideload apps, to install software only from official stores, and to treat even messages from known contacts as potentially compromised.
- Users are advised to enable two step verification, uninstall unknown apps and disconnect data if compromise is suspected, and report promptly via the 1930 cybercrime helpline or cybercrime.gov.in; iPhones cannot install APKs but malicious links still pose risks.