New Digital Scam Targeting Bank Accounts Detected

26-Apr-2026

.

Sri Lanka Police have detected a new type of digital scam aimed at draining bank accounts.

According to police, if an individual downloads and opens a suspicious “.apk” file sent from an unknown number or even under the name of a friend, hackers may gain full control of the victim’s mobile phone.

As a result, hackers can access sensitive information such as SMS messages and OTP codes, enabling them to steal money from bank accounts.

Police have advised the public to be extremely cautious when opening messages received on their phones. It has been observed that .apk files are being circulated among smartphone users in Sri Lanka via WhatsApp and Telegram.

An APK file, known as an “Android Package Kit,” is a setup file used to install apps on Android smartphones.

These files are reportedly being sent under misleading labels such as wedding invitations, electricity bills, or lottery tickets. Once clicked, they may automatically install as an application on the phone.

After installation, hackers can control the phone’s contents, read incoming SMS messages, and secretly obtain confidential OTP codes related to banking transactions.

Police have strongly warned the public never to download or open suspicious .apk files sent from unknown numbers or even from contacts appearing to be friends.

Users are also advised to download applications only through Google Play Store or Apple App Store, and to disable the “Install Unknown Apps” option in phone settings.

If anyone becomes a victim of such fraud, police have requested them to immediately block their bank accounts and report the incident to the nearest police station or the Computer Crimes Investigation Unit of the Criminal Investigation Department.