Android Malware Exploits Fake Energy Subsidy Promises in India to Steal Financial Data
- Fake app: A malicious app distributed under a false claim in India steals sensitive user data.
- The lure: Cybercriminals create YouTube videos with a government energy subsidy lure.
- How it works: The shortened URL in the video description leads to a portal where a malicious APK is downloaded.
An Android malware campaign has been detected targeting Indian users by impersonating a government program. This energy subsidy scam utilizes phishing websites and malicious applications to steal sensitive financial data from users attempting to apply for the subsidy, posing a significant threat to user security.
Sophisticated Phishing Techniques
According to a recent McAfee security report, the threat actors behind the campaign lure victims via YouTube videos promoting fake portals that exploit the legitimate government energy subsidy scheme, Prime Minister Surya Ghar Yojana.
These videos feature deceptive shortened links for downloading an Android app and redirect users to phishing websites masquerading as legitimate government portals.
The phishing sites encourage users to download malicious APK files hosted on GitHub, further enhancing the scam’s legitimacy and bypassing standard app vetting procedures.
Once installed, the app initiates a two-stage malware delivery process. The initial APK operates as a downloader for the embedded primary malware, deceiving users with labels such as “Secure Update.”
The malicious app then aggressively requests permissions to access SMS, contacts, and notifications, enabling it to intercept financial data, steal one-time passwords (OTPs), and send phishing messages to victims' contacts.
Risks and Implications
The Android malware not only collects UPI details and banking credentials of Indian users but can also propagate itself by spamming victims’ contact lists with phishing links.
Its ability to execute commands via Firebase Cloud Messaging (FCM) increases the potential for large-scale exploitation and data theft. With such advanced tactics, this phishing campaign endangers both personal privacy and financial security.
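The behaviours described above (a dropper carrying an embedded payload, plus SMS, contacts and notification access) give a defender a concrete profile to triage against. The following is an added example, not code from McAfee or the original report; it runs a simple signal-scoring heuristic over a decoded manifest excerpt and a constructed stand-in APK (the package name, service name and file names are invented):

```python
import io
import re
import zipfile

# Manifest signals for the behaviours attributed to the campaign: SMS access
# (OTP interception, phishing texts), contacts (spamming the victim's contact
# list), a notification listener (reading OTPs from notifications).
SIGNALS = {
    "sms-access": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
                   "android.permission.SEND_SMS"},
    "contacts-access": {"android.permission.READ_CONTACTS"},
    "notification-listener": {"android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
}
PERM_RE = re.compile(r"android\.permission\.[A-Z_]+")

def permissions_in(manifest_text: str) -> set:
    """Every permission id in a decoded manifest (uses-permission and service bindings)."""
    return set(PERM_RE.findall(manifest_text))

def embedded_payloads(apk_bytes: bytes) -> list:
    """Nested APKs shipped inside the package: the two-stage dropper indicator."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return sorted(n for n in zf.namelist() if n.lower().endswith(".apk"))

def triage(manifest_text: str, apk_bytes: bytes) -> dict:
    perms = permissions_in(manifest_text)
    findings = [name for name, needed in SIGNALS.items() if perms & needed]
    payloads = embedded_payloads(apk_bytes)
    if payloads:
        findings.append("embedded-payload")
    # Three or more signals together match the dropper-plus-OTP-theft profile described.
    verdict = "high" if len(findings) >= 3 else ("medium" if findings else "low")
    return {"findings": findings, "payloads": payloads, "verdict": verdict}

# Constructed sample input: a decoded-manifest excerpt (apktool style) for the dropper.
SAMPLE_MANIFEST = """<manifest package="com.example.subsidy">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <service android:name=".NotifSvc"
           android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
</manifest>"""

def sample_apk(with_payload: bool = True) -> bytes:
    """Constructed zip standing in for the APK; optionally carries a nested 'update' APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00")
        if with_payload:
            zf.writestr("assets/secure_update.apk", b"placeholder, not a real APK")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, sample_apk()))
```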
Recommended Precautions
Users are urged to adopt stringent security measures to counter such threats:
- Download apps only from verified platforms, such as the Google Play Store.
- Scrutinize URLs for authenticity and avoid links from unknown sources.
- Regularly update devices and use trusted mobile security software to detect threats.
- Be vigilant about apps demanding excessive permissions.
Enhanced awareness and robust security practices can shield users from falling prey to this financial data theft scheme, safeguarding both personal and financial information.
In February, Indian bank users were targeted with malicious WhatsApp APKs to steal sensitive data.