Malicious PM-Kisan APK Malware Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Beware the Malicious PM-Kisan APK Malware Scam in India 2026: UPI & WhatsApp Fraud Alert

The Malicious PM-Kisan APK Malware Scam is a growing cyber threat in India that targets farmers and smartphone users with fake apps promising quick PM-Kisan subsidy claims, leading to UPI theft and data breaches.

What Is the Malicious PM-Kisan APK Malware Scam?

This scam involves fraudulent mobile applications (APKs) falsely claiming to be linked with the PM-Kisan Samman Nidhi Yojana, a government initiative providing financial support to farmers across India. The scam primarily targets farmers and rural smartphone users eager to access their subsidy payments or update their KYC details digitally. Scammers pose as officials or service providers and spread links to these fake apps via popular platforms like WhatsApp, Facebook, and local messaging apps common in rural India.

The apps are designed to appear legitimate, often mimicking the official PM-Kisan website and mobile interfaces. However, once downloaded, they install malware that steals sensitive personal information, including Aadhaar details, UPI PINs, bank account data, and contacts. This information is then misused for fraudulent transactions or identity theft. Complaints about this scam have been rising, especially in states with dense farming communities.

Indian cybersecurity agencies, including CERT-In and the Indian Cyber Crime Coordination Centre (I4C), have issued warnings against downloading unofficial PM-Kisan apps or clicking on suspicious links related to government subsidy disbursements. While the official PM-Kisan platform does not have any standalone mobile app, scammers exploit this gap to lure victims.

How This Scam Works — Step by Step

1. Initial Contact via Social Media or WhatsApp: Potential victims receive forwarded messages or posts claiming urgent updates or simplified subsidy processing through a new PM-Kisan app. These messages often emphasize speed and ease of subsidy approval.

2. Fake Website or Social Media Profile: The scam link leads to a fake website or social media page resembling the official PM-Kisan portal, increasing trustworthiness.

3. Prompt to Download an APK File: Users are asked to download an APK (Android Package Kit) file, as the app is not available on official stores like Google Play Store.

4. Malware Installation & Permission Requests: Installing the APK gives the app extensive access to the device’s data—contacts, messages, financial apps, and camera—often disguised as necessary permissions for subsidy processing.

5. Data Harvesting & UPI PIN Stealing: The malware extracts personal data such as Aadhaar numbers, bank details, and intercepts UPI transaction approvals by requesting OTPs or mimicking banking apps to steal PINs.

6. Unauthorized Transactions & Identity Theft: Using stolen UPI credentials or personal data, fraudsters carry out unauthorized fund transfers, often siphoning out subsidy amounts or other savings.

7. Victim Realizes Late: Victims may only notice financial irregularities after money has been debited or when their device behaves suspiciously.

Real Warning Signs to Watch For

• Messages urging immediate action to update PM-Kisan KYC or claim subsidies via a mobile app link.
• APK download prompts from unknown websites instead of Google Play Store or official government portals.
• Requests for sensitive information such as Aadhaar number, bank account details, or UPI PIN inside the app.
• Unusual permission requests during app installation, like access to SMS, contacts, or overlay on other apps.
• Messages or calls asking for OTPs related to banking or UPI transactions.
• Misspelled URLs or unofficial social media profiles claiming association with PM-Kisan.
• Sudden unexpected notifications of money transfer or UPI payments you did not initiate.

What Happens to Victims

Victims of this malware scam face both financial loss and emotional distress. Unauthorized UPI transactions can drain subsidy funds or personal savings. Under the current RBI framework, many fraudulent UPI transactions based on victim negligence (sharing PIN or OTP) are difficult to reverse. Moreover, if Aadhaar data is compromised, victims risk further identity misuse, such as unauthorized loans or SIM swaps by fraudsters.

The emotional impact includes anxiety over financial security, loss of trust in digital platforms, and difficulty in regaining control over stolen financial assets. Rural victims with limited access to cyber help centers are particularly vulnerable.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has repeatedly warned users to safeguard their UPI PINs and never share OTPs with anyone. RBI mandates banks to educate customers about secure digital payment practices.

CERT-In advises users to download applications only from trusted app stores and be wary of unsolicited messages offering financial benefits. In its cybercrime advisories, CERT-In highlights the rise of malware-laden applications disguised as government apps and stresses verifying official websites and mobile applications.

The Indian Cyber Crime Coordination Centre (I4C) provides a national cybersecurity platform and urges reporting such scams through the cybercrime.gov.in portal or calling the 1930 cybercrime helpline for prompt assistance.

How to Protect Yourself

1. Download Apps Only from Official Sources: Never install APKs from unknown websites; use Google Play Store or verified government portals.
2. Verify Official PM-Kisan Status: Check the official PM-Kisan website for updates; no standalone app is sanctioned by the government.
3. Ignore Urgent Messages Pressuring for Quick Action: Be skeptical of messages pushing expedited KYC or subsidy releases.
4. Never Share OTPs or UPI PINs: These are private credentials and no official channel will request them via SMS or calls.
5. Use Mobile Security Apps: Enable trusted antivirus or anti-malware apps to detect risky or unknown apps.
6. Check App Permissions: Do not grant extensive permissions unrelated to the app’s stated function.
7. Regularly Monitor Bank Accounts and UPI Transactions: Report unusual activity to your bank immediately.

What to Do If You've Been Targeted

• Immediately uninstall the suspicious app and disconnect your device from the internet.
• Change your UPI PIN and passwords linked to your bank accounts.
• Contact your bank’s customer service to report unauthorized transactions and request blocking or freezing of accounts if necessary.
• File a complaint on the Indian Cyber Crime Portal at cybercrime.gov.in detailing the scam with as much information as possible.
• Call the 1930 national cybercrime helpline for guidance and support.
• Inform your telecom provider if you suspect SIM swap fraud.
• Consider contacting local police cyber cells to escalate the issue for investigation.

Frequently Asked Questions

Q: Can I get my stolen PM-Kisan subsidy refunded if my UPI account was hacked via this scam?
A: Refunds depend on RBI and bank policies. If theft occurred due to sharing UPI PIN or OTP under duress, reversals may be difficult. Immediately report the fraud to your bank and cybercrime authorities for assistance.

Q: How can I be sure if a PM-Kisan app is official or fake?
A: The official PM-Kisan scheme does not have a dedicated mobile app on the Play Store. Beware of APK downloads from outside stores. Always verify information through the official PM-Kisan government website.

Q: Is WhatsApp a safe platform to receive PM-Kisan subsidy updates?
A: While WhatsApp is widely used, scammers exploit it to spread fake links. Avoid clicking on links sending APKs or asking for personal financial info. Confirm updates through official government websites.

For any suspicious messages or apps related to PM-Kisan or other schemes, verify details at BharatSecure.app and report suspected fraud promptly by calling 1930.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.