India has reported over 12.47 lakh cybercrime cases in the last six months, with daily financial losses ranging from ₹10 to ₹15 lakh. The country's framework includes the Information Technology Act, Bharatiya Nyaya Sanhita, National Cyber Security Policy, and Cyber Swachhta Kendra. However, outdated laws, low digital literacy, and jurisdictional complexity contribute to vulnerabilities.
The APK scam is increasing due to rapid digital adoption, low user awareness, and sophisticated criminal tactics.
It is a type of cyber fraud that involves malicious Android Package Kit (APK) files. Fraudsters exploit these files to spread malware.
How does it work?
Step 1 => Scammers contact victims through a call or message, warning them about issues like blocked bank accounts, missed government subsidies, or pending electricity bills.
Step 2 => They send a link to an app that mimics the official portals of trusted institutions such as government subsidy schemes (e.g., PM-Kisan), tax refund platforms, electricity boards, or banks requesting KYC updates.
Step 3 => Once installed, these apps request permissions like access to contacts, SMS, notifications, call logs, location, and the microphone.
Step 4 => The app runs in the background, monitoring, mirroring, and mining all data and transmitting it to external servers operated by fraudsters.
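The permission pattern in Steps 3 and 4 can be checked before an app is trusted. The following is an added example, not part of the original article: it assumes the APK's manifest has already been decoded to text XML, and the sample manifests, the `triage_manifest` name, and the threshold of three data types are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Data types listed in Step 3, mapped to the Android permissions that expose them.
RISKY = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_logs": {"android.permission.READ_CALL_LOG"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "microphone": {"android.permission.RECORD_AUDIO"},
}
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

def triage_manifest(manifest_xml, threshold=3):
    """Return (sorted data types exposed, flagged) for a decoded manifest string."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    hits = {group for group, perms in RISKY.items() if perms & requested}
    # Notification access is not a <uses-permission>; the app declares a service
    # protected by BIND_NOTIFICATION_LISTENER_SERVICE instead.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == NOTIF_LISTENER:
            hits.add("notifications")
    # Flag only when the app can also send data out (Step 4). The threshold of
    # three data types is an assumed triage cut-off, not a standard.
    can_send = "android.permission.INTERNET" in requested
    return sorted(hits), can_send and len(hits) >= threshold

# Constructed sample manifests (not from a real app).
FAKE_SUBSIDY_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.subsidy">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".Watcher" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
TORCH_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.torch">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("fake subsidy app", FAKE_SUBSIDY_APP), ("torch app", TORCH_APP)):
        print(name, triage_manifest(xml_text))
```

A flag here is a reason to look closer, since legitimate apps can also request several of these permissions.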
Cyber Fraud in India
The National Cyber Crime Reporting Portal registered over 12.47 lakh different types of cybercrime cases in six months of 2025. Officials report 20 to 30 cases daily, with daily financial losses between ₹10 and ₹15 lakh. (Source: The Hindu)
Officials estimate that 60% to 70% of malicious APKs used in India are developed locally in Delhi NCR, Meerut, Uttar Pradesh, Jamtara, and parts of Jharkhand. (Source: The Hindu)
Telegram channels and dark web marketplaces serve as primary distribution channels, delivering pre-built APK kits and modules for a fee.
According to the Home Affairs Ministry, Indians lost Rs 22,845.73 crore to cyber criminals in 2024.
According to CloudSEK's ThreatLandscape Report 2024, India emerged as the second most targeted nation for cyber attacks, following the USA.
Legislative Framework
Information Technology Act, 2000 (IT Act): Regulates e-commerce, e-governance, and e-banking, and imposes penalties and punishments for cybercrimes.
Bharatiya Nyaya Sanhita (BNS): Provisions related to theft, cheating, dishonest misappropriation, and mischief, applicable to cyber incidents.
Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021: Establishes a legal structure for social media platforms, OTT platforms, and digital news providers, including data safeguarding and complaint redressal.
National Cyber Security Policy 2023: Aims to safeguard information and infrastructure, prevent and respond to cyber threats, and minimize vulnerabilities.
Proposed Digital India Act: Set to replace the IT Act, focusing on online safety, trust, accountability, open internet, and regulating new technologies like AI and blockchain.
Institutional Framework and Initiatives
Computer Emergency Response Team – India (CERT-In): Provides guidelines for monitoring, detecting, preventing, and managing cybersecurity incidents.
National Critical Information Infrastructure Protection Centre (NCIIPC): Established under the IT Act to safeguard Critical Information Infrastructure (CII), covering sectors like power, banking, telecom, transportation, and government.
National Cyber Crime Reporting Portal: Allows citizens to report cybercrime cases.
Cyber Swachhta Kendra: Detects malicious programs and provides free tools for malware cleaning, including M-Kavach for mobile threats.
Reserve Bank of India (RBI): Issued a comprehensive Cyber Security Framework for all scheduled commercial banks.
International Coordination: CERT-In coordinates with counterpart agencies in foreign countries on cyber incidents originating outside India.
India lacks comprehensive legislation to address the full spectrum of cybercrimes. Current laws fail to cover emerging threats like phishing and cyberstalking.
Low levels of digital literacy and limited awareness of cyber threats exacerbate vulnerabilities; only 12% of individuals over 15 years of age in India have ICT skills, according to the Centre for Economic and Social Studies (CESS).
Hackers and cybercriminals are using AI to identify victims and exploit vulnerabilities.
Developers use encryption techniques to hide malicious code from detection tools. APKs remain dormant during installation, bypassing antivirus software scans.
Local operators are arrested, but the masterminds and the developers/coders remain difficult to track.
Stolen funds move through layers of digital laundering, converted into cryptocurrency via temporary "mule accounts," making recovery impossible.
Fraudsters reuse the same website or APK file with minor interface modifications (name, logo, URL), bypassing detection even after earlier versions are blacklisted.
Fraudsters conduct digital surveillance: data leaked from sources like customer directories of malls, hospitals, and service portals, or social media details, allows criminals to customize their approach and craft convincing, urgent messages.
Google or other intermediaries do not scrutinize every application hosted on their servers. Fraudsters exploit this by using mule accounts and shell identities.
Amend existing laws to align them with evolving technological advancements and emerging threats. Enhance penalties for cybercrimes, clarify ambiguous sections, and ensure stronger enforcement mechanisms.
Implementation of the Digital Personal Data Protection Act, 2023, must be careful and transparent, balancing innovation with the protection of fundamental rights.
Invest in advanced tools and training for cyber forensics teams to improve their capabilities in detecting, preventing, and responding to cyber threats effectively.
Join the Budapest Convention on Cybercrime to align efforts with global standards and facilitate cross-border collaboration in addressing cyber threats.
Implement stronger regulations or cooperative frameworks that require platforms like Google to enhance scrutiny of applications hosted on their servers.
Develop more robust systems to detect the use of temporary "mule accounts" and shell identities for laundering funds. The RBI launched the "MuleHunter.ai" tool to combat cyber fraud.
Educate citizens about the tactics of cyber fraud, the dangers of clicking suspicious links and installing apps from unknown sources, and the need to verify urgent messages.
Implement stricter measures to prevent data leaks from customer directories of malls, hospitals, and service portals, limiting fraudsters' ability to conduct targeted surveillance.
Develop systems that can quickly identify and blacklist variations of reused malicious websites or APK files, rather than waiting for individual reports or blacklisting.
The government must strike a balance between strengthening cybersecurity measures for national security and defending the rights and privacy of citizens.
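One way to catch a reused APK whose name, logo, and URL have been changed is to compare the parts that stay the same against known-bad families, instead of matching an exact file hash. This is an added example, not from the original article: the record format, the field names, the family name "kit-A", and the 0.8 threshold are all assumptions made for illustration.

```python
# Fields a fraudster changes when rebranding a kit (name, logo, URL, package id).
COSMETIC_FIELDS = {"label", "icon_hash", "urls", "package"}

def fingerprint(apk):
    """Build a token set from the fields that survive a rebrand."""
    return {f"{field}:{value}"
            for field, values in apk.items() if field not in COSMETIC_FIELDS
            for value in values}

def jaccard(a, b):
    """Share of tokens common to both sets (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def match_blacklist(apk, blacklist, threshold=0.8):
    """Return (family, score) for the closest blacklisted family, or None."""
    fp = fingerprint(apk)
    scored = [(family, jaccard(fp, fingerprint(known)))
              for family, known in blacklist.items()]
    best = max(scored, key=lambda pair: pair[1], default=None)
    return best if best and best[1] >= threshold else None

# Constructed records: what a static-analysis step might extract from each APK.
KNOWN_BAD = {
    "label": "Subsidy Check", "package": "com.example.subsidy",
    "icon_hash": "icon-1", "urls": ["https://subsidy.example/api"],
    "permissions": ["READ_SMS", "READ_CONTACTS", "INTERNET"],
    "components": ["SmsReceiver", "Watcher", "MainActivity"],
    "code_hashes": ["h1", "h2", "h3", "h4"],
}
# Same kit with a new name, logo, URL and one changed code chunk.
REBRANDED = dict(KNOWN_BAD, label="Bill Pay", package="com.example.billpay",
                 icon_hash="icon-2", urls=["https://billpay.example/api"],
                 code_hashes=["h1", "h2", "h3", "h9"])
UNRELATED = {
    "label": "Torch", "package": "com.example.torch", "icon_hash": "icon-3",
    "urls": [], "permissions": ["INTERNET"], "components": ["MainActivity"],
    "code_hashes": ["t1", "t2"],
}
BLACKLIST = {"kit-A": KNOWN_BAD}

if __name__ == "__main__":
    print(match_blacklist(REBRANDED, BLACKLIST))   # matched despite the rebrand
    print(match_blacklist(UNRELATED, BLACKLIST))   # no match
```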
Source: THE HINDU
PRACTICE QUESTION
Q. Analyze the role of technological gaps and public awareness deficits in exacerbating the problem of cyber fraud in India. (150 words)
India faced a massive surge in cybercrime in 2024, with financial losses skyrocketing to Rs 22,845.73 crore, a 206% increase from the previous year, and over 36 lakh financial fraud incidents reported.
Fraud occurs without your participation, where victims are unaware and haven't given authorization, while a scam relies on your involvement, where victims authorize transfers or provide information thinking the situation is genuine.
The DPDP Act, 2023, is India's first cross-sectoral legislation on data protection, requiring consent for processing personal data, granting consumers rights over their data, and imposing obligations on businesses.