Fake UPI App Security Upgrade APK Scam

INDIA — By BharatSecure Threat Intelligence Team

Verdict: Suspicious | Risk Score: 8/10 | Severity: High

Category: UPI, WhatsApp, Phishing

Scam Intelligence: Fake UPI App Security Upgrade APK Scam

Proprietary signals from BharatSecure's scam-tracking database.

Last reported: Apr 23, 2026

How Fake UPI App Security Upgrade APK Scam Works

Overview: Masquerading as genuine upgrade alerts, scammers are sending malicious APK files promising 'RBI-ready' or '2FA compliance' UPI app updates. Victims who install these apps end up installing malware capable of harvesting every keystroke, UPI PIN, and biometric authentication, leading to silent, unauthorized withdrawals from their accounts. The danger is amplified as these false alerts are made to look like urgent instructions from trusted platforms.

How It Works:

  1. Victim gets an SMS or WhatsApp message saying: "Update Paytm / PhonePe / GPay for RBI 2FA today! Download here."
  2. The provided link downloads an APK from outside the official app store.
  3. On installation, the malicious app overlays your original UPI app interface, records every action, and may even request permission for screen sharing or control.
  4. After gaining trust via a 'test transaction', the app siphons account details and automates repeat unauthorized fund transfers.

India Angle: This scam is highly prevalent in Tier 2/3 cities and among smartphone users without strong technical know-how. Victims often use Hindi, Marathi, or Bengali, with attacks localized through language-specific messages and adapted to the most popular UPI apps.

Real Examples:

  • "RBI Alert: Upgrade Paytm for 2FA. Otherwise, your wallet will be suspended. Download: paytm-protect.in/apk"
  • "Click this link urgently to make your PhonePe app RBI compliant."

Red Flags:

  1. Messages prompting you to install or update financial apps from sources other than Google Play or Apple App Store.
  2. Claims your UPI services will be suspended unless you download an APK file.
  3. Requests for test transactions to 'activate' security features.
  4. Pop-ups demanding excessive device permissions (e.g., screen recording, accessibility controls).

Protective Measures:

  • Only update apps via official app stores.
  • Enable app-installation restrictions on your device.
  • Never approve installation permissions from unknown sources.

If Victimised:

  1. Uninstall the suspicious app immediately.
  2. Run a full antivirus scan.
  3. Report the incident to 1930 and file a complaint on cybercrime.gov.in.
  4. Reset all UPI and bank passwords and alert your bank.

Related Scams:

  • Fake UPI cashback and reward APK frauds.
  • Malicious remote access app scams via SMS install links.
  • Phishing sites impersonating UPI customer support.

How This Scam Works — Detailed Explanation

Scammers are increasingly leveraging SMS and messaging platforms, such as WhatsApp, to reach potential victims with personalized messages. They take advantage of the trust and urgency associated with UPI transactions and the growing reliance on mobile banking in India. Often, these messages appear to come from 'official' bank numbers, making it difficult for the average user to spot the fraud. These messages usually contain alarming language, claiming that immediate action is required to comply with the Reserve Bank of India’s (RBI) new security measures. Victims can often be anyone, from students to working professionals, who may be casually browsing their phones or checking messages during their daily routines.

The scammers employ a variety of psychological tricks to entice users. They typically use strong authoritative language, asserting that the upgrades are necessary for the victim's security, labeling the new app as 'RBI-ready' or assuring that it meets the '2FA compliance' standards. Furthermore, they create a sense of urgency, suggesting that failure to download may result in the suspension of UPI services. By playing on the fears and concerns of users, they effectively disarm critical thinking, prompting them to act swiftly without verifying the authenticity of the message. Many users are unaware that UPI updates should only be done through official app platforms like the Google Play Store or Apple App Store.

Once a victim clicks on the provided link, they are directed to download a malicious APK file disguised as a UPI App upgrade. Upon installation, the malware begins to gather sensitive information like keystrokes, UPI PINs, and even biometric data without the user's knowledge. Victims may then receive notifications verifying test transactions or security checks within the app, which only reinforces the illusion of security, making them more likely to input their sensitive information. For instance, a recent victim who works at a call center in Mumbai downloaded such an APK and lost ₹2 lakh within days without ever realizing it was a scam.

The ramifications of this scam are severe. Recent reports have indicated that scams of this nature have resulted in the loss of approximately ₹500 crore across India in the past year alone, prompting the Ministry of Home Affairs (MHA), the RBI, and the Computer Emergency Response Team - India (CERT-In) to issue warnings and advisories on this troubling trend. The rise in such scams has raised alarm bells within the financial ecosystem, leading to increased efforts to educate the public and curb these fraudulent activities by public and private sector banks alike.

To avoid falling victim to the Fake UPI App Security Upgrade APK Scam, individuals must first learn how to recognize such scams amidst genuine alerts. Always verify the source of the message and look for common red flags, such as pressures to download apps from unofficial sources or requests for sensitive information in busy chats. Genuine communications from banks will never ask for your UPI PIN through a text or a third-party app. Keeping an eye on official bank channels and cross-checking any notifications with bank helplines, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161, can dramatically reduce the risk of falling prey to such scams.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Fake UPI App Security Upgrade APK Scam Target?

General public across India

Red Flags — How to Identify Fake UPI App Security Upgrade APK Scam

  • Messages pushing app updates outside official app stores
  • APK download link for supposed RBI or 2FA upgrades
  • Pop-ups demanding strange permissions on your phone
  • Asked to do 'test transactions' in a new app
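
The red flags above can be turned into a triage heuristic for inbound SMS or WhatsApp text. This is an added example, not BharatSecure's own tooling; the store-host allowlist, keyword lists, flag names and the two constructed samples are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumptions: official-store host allowlist and keyword lists (from the page's wording).
OFFICIAL_STORE_HOSTS = {"play.google.com", "apps.apple.com"}
BRANDS = re.compile(r"\b(paytm|phonepe|gpay|upi)\b", re.I)
INSTALL = re.compile(r"\b(download|install|update|upgrade)\b", re.I)
AUTHORITY = re.compile(r"\b(rbi|2fa|complian\w*)\b", re.I)
THREAT = re.compile(r"\b(suspend\w*|urgent\w*|today|otherwise)\b", re.I)
TEST_TXN = re.compile(r"\btest transactions?\b", re.I)
# Matches full URLs and scheme-less links such as "paytm-protect.in/apk".
URL = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"']*)?", re.I)

def extract_links(text):
    links = []
    for match in URL.finditer(text):
        raw = match.group(0).rstrip(".,)")
        parsed = urlparse(raw if "://" in raw else "http://" + raw)
        links.append((parsed.hostname or "", parsed.path.lower()))
    return links

def red_flags(message):
    flags = set()
    # Exact host match, so "play.google.com.<anything>" still counts as off-store.
    off_store = [l for l in extract_links(message) if l[0] not in OFFICIAL_STORE_HOSTS]
    if off_store and BRANDS.search(message) and INSTALL.search(message):
        flags.add("update_outside_store")
    if any(p.endswith(".apk") or "/apk" in p for _, p in off_store):
        flags.add("apk_link")
    if AUTHORITY.search(message) and THREAT.search(message):
        flags.add("authority_plus_urgency")
    if TEST_TXN.search(message):
        flags.add("test_transaction")
    return flags

def verdict(message):
    count = len(red_flags(message))
    return "block" if count >= 2 else "review" if count == 1 else "pass"

# The first two samples are quoted on this page; the last two are constructed.
SAMPLES = [
    "RBI Alert: Upgrade Paytm for 2FA. Otherwise, your wallet will be suspended. Download: paytm-protect.in/apk",
    "Click this link urgently to make your PhonePe app RBI compliant.",
    "Install GPay update https://play.google.com.update-gpay.example/app.apk",
    "Paytm update available on Google Play: https://play.google.com/store/apps/details?id=example.placeholder",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(verdict(text), sorted(red_flags(text)), "|", text[:50])
```

The keyword patterns cover English text only; since these lures are localized into Hindi, Marathi, and Bengali, the link checks are the language-independent part of the heuristic.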

What To Do If You Encounter Fake UPI App Security Upgrade APK Scam

  1. Report any suspicious messages immediately at 1930 or visit cybercrime.gov.in.
  2. Contact your bank immediately if you downloaded the APK or shared any sensitive information.
  3. Change your UPI PIN and any passwords connected to your banking apps.
  4. Uninstall any apps you don't recognize or that you believe were installed through a fraudulent link.
  5. Enable security features like two-factor authentication (2FA) on your banking apps.
  6. Educate family and friends about these scams to protect them from becoming victims.

How to Report Fake UPI App Security Upgrade APK Scam in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?
Immediately contact your bank using their helpline, such as SBI at 1800-11-1109, and request to freeze your account to prevent further unauthorized transactions.

How can I identify the Fake UPI App Security Upgrade APK Scam?
Look for messages urging you to download apps outside official app stores or demanding sensitive information. Authentic banks won't ask for sensitive details via SMS.

How can I report this type of scam in India?
Report it by calling 1930 or visiting cybercrime.gov.in. Additionally, notify your bank about the incident to block any unauthorized transactions.

What steps can I take to recover money or protect my accounts after falling victim?
Contact your bank immediately to report the fraud, change passwords, and initiate any recovery processes. Monitor your bank statements for unauthorized transactions.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.