Overview
The Fake PM Kisan Yojana Scam has recently gained widespread attention, particularly in Chhattisgarh, where it has caused significant concern among local residents, especially farmers. The scam involves the distribution of a fraudulent mobile application, PM Kisan.apk, which falsely claims to offer a quick and easy registration process for the PM Kisan Yojana, a government initiative aimed at providing financial assistance to farmers. The app, which is being circulated through WhatsApp groups and other social media platforms, lures users with promises of immediate registration for the scheme. However, once downloaded, the app compromises the user’s device, leading to serious security breaches and cyber fraud.
The application’s malicious functionality goes beyond simply collecting user information. Upon installation, it grants hackers access to personal data, including banking information, and can even trigger unauthorized transactions by intercepting OTPs (One-Time Passwords) from the user’s bank. As the app spreads through social networks, many victims find their WhatsApp accounts hacked, with unauthorized messages being sent to their contacts and groups. The app also causes the phone to behave abnormally, including rapid battery drain, slow performance, and excessive data usage, raising red flags for unsuspecting users.
Targets
Individuals
How they operate
Upon downloading and installing the PM Kisan.apk file, users unknowingly grant the malicious app extensive access to their mobile devices. The app, which has been tampered with, is equipped with malware that enables it to perform a series of harmful actions. One of the first impacts on the compromised device is remote access; the attackers can control the phone without the user’s consent. This allows them to extract sensitive personal data, including login credentials, banking details, and OTP (One-Time Passwords) that are crucial for financial transactions. The malware is capable of silently capturing these details and sending them to a remote server controlled by the attackers, often leading to bank account theft or unauthorized transactions.
In addition to stealing financial information, the malware can also manipulate communication apps on the device. For example, when the victim opens the fake app, their WhatsApp account is automatically compromised. The attackers gain the ability to send messages from the victim’s account to their contacts, further spreading the scam. This often leads to a vicious cycle, as more individuals download the fraudulent app after receiving messages from a trusted source. Furthermore, the app can disable normal phone functions, causing the device to slow down, drain battery life quickly, and consume data at an alarming rate. These symptoms are common signs of a malware infection, indicating that the device is being controlled remotely or is running additional malicious processes in the background.
From a technical perspective, the scammers rely on social engineering to ensure the success of the scam. By using names and images that resemble official government apps and presenting the scam as a quick solution for farmers seeking government benefits, they create a sense of urgency and trust. The fake PM Kisan app’s appealing design and its promise of instant benefits encourage users to take the risk of downloading it without considering the potential security implications. Moreover, the app is typically spread in public forums and groups, relying on peer pressure and the legitimacy of social connections to bypass suspicion.
Once the victim has been compromised, the scam can escalate quickly. If the attackers have gained access to the victim’s bank details or SMS-based two-factor authentication (2FA) codes, they can withdraw funds directly from the account or perform fraudulent transactions. In some cases, the malware also encrypts the victim’s personal files or locks them out of their accounts, effectively holding their data hostage for ransom. This makes the fake PM Kisan Yojana app not only a tool for stealing financial resources but also a gateway for more advanced cyber extortion techniques.
In response to this growing threat, cybersecurity experts recommend a multi-layered approach to protect against such attacks. Firstly, users must remain cautious about downloading apps from untrusted sources or unknown links. Even if an app appears to come from a trusted party, it’s important to verify its authenticity by checking official platforms like the Google Play Store or Apple App Store. Secondly, enabling two-factor authentication (2FA) for important accounts, particularly banking apps, can provide an additional layer of security against unauthorized access. Finally, if an infection is suspected, it is crucial to disconnect the device from the internet, report the breach to authorities, and take immediate steps to format the device and reset all accounts to prevent further damage.
References:
