A surge of malicious APK files disguised as “New Year Party Pics” or “Festive Greetings” is currently spreading across WhatsApp. Once installed, the malware takes control of the device, reads SMS OTPs, and drains bank accounts via UPI and payment apps while the victim is distracted by holiday celebrations.
Business Impact
This is a major threat to Bring Your Own Device (BYOD) security. If an employee’s personal phone is compromised, attackers can often bypass 2FA for corporate apps. In the region, where mobile banking is ubiquitous, this leads to immediate financial loss and potential insider access for the attackers.
Why It Happened
Fraudsters are exploiting “festive distraction.” The malware uses names like “New Year Gift.apk” and “SBI Yojna.apk” to trigger curiosity or greed. Once installed, it requests “Notification Access” to intercept bank alerts before the user can see them.
Recommended Executive Action
Issue a security alert to all employees: **Never** download or install .apk files received via WhatsApp or SMS. Advise staff to uninstall any unrecognized apps and to check their mobile settings for unauthorized “Notification Access” permissions.
Hashtags: #WhatsAppScam #MobileMalware #NewYear2025 #BankingFraud #BYOD #SocialEngineering #InfoSec