Fake RTO e-Challan WhatsApp Scam Resurfaces: Fraudsters Push Spyware Through Malicious APK Files

 

Cybercriminals have once again revived an old trick—but with a more convincing disguise. This time, scammers are exploiting the name of the official RTO e-challan system to deceive smartphone users. Over the past year, malicious APK files have been circulated in the form of fake wedding invitations, PM-Kisan alerts, courier updates, and KYC notices. Now, the same method is being used to send fraudulent “RTO Challan” messages on WhatsApp, luring victims into installing powerful spyware.

The fraud begins with a seemingly urgent WhatsApp alert claiming that a traffic challan has been issued against the recipient’s vehicle. The message includes a link or an attachment labelled as an e-challan file. Many users, acting out of fear or confusion, click the file—unknowingly giving criminals full access to their device.

Victims typically receive a message saying: “An e-challan has been issued for your vehicle. Download the file below to view details.”

The attachment is an APK file with names like RTO_Challan.apk or E-Challan_Details.apk. Once downloaded, the file installs automatically on Android phones and begins functioning as spyware.

After installation, the malware:

• Provides hackers complete remote access to the device

• Captures banking app information, OTPs, contacts, and personal files

• Automatically sends the same malicious APK to all WhatsApp contacts

• Enables criminals to execute online banking transactions undetected

Cyber experts warn that this form of malware is extremely dangerous because no further interaction is required—the victim’s phone essentially becomes a control panel for the fraudster.

APK (Android Package Kit) files are standard installation packages for Android apps. While apps on the Google Play Store undergo safety checks, APKs sent through WhatsApp, SMS, email, or Telegram do not. Many users mistake APK files for regular documents or images and tap them without realizing the risk. This lack of awareness makes such scams highly effective.

How the scam could evolve further

Scammers typically exploit themes that trigger fear, urgency, or excitement. Experts believe similar APK-based attacks may soon appear in the form of:

• PM-Kisan installment notifications

• Overdue electricity bill alerts

• Passport or courier delivery updates

• Lottery or prize winnings

• Bank KYC reminders

• Government scheme eligibility messages

While the topics may change, the underlying tactic remains the same: tricking users into downloading malware via a fake APK.

7 essential safety steps

• Never download APK files received through WhatsApp—even from known contacts.

• Verify real traffic challans only through: echallan.parivahan.gov.in

• Remember: wedding invitations, PDFs, photos, and government documents never come in .apk format.

• If a known person sends an APK, call to confirm—it may be sent from a hacked account.

• Disable Install apps from unknown sources in your device settings.

• If you downloaded a suspicious APK:

  • Turn off mobile data/Wi-Fi immediately

  • Uninstall the unknown app

  • Change all banking passwords and PINs

• In case of financial fraud, call 1930 (National Cyber Fraud Helpline) without delay.

As digital transactions become more common, cyber risks continue to grow. The ongoing fake RTO challan scam is a strong reminder to stay vigilant—check every link, scrutinize every file, and never trust unsolicited messages.

Most importantly, ensure senior citizens and less tech-savvy users are informed, as they are the most vulnerable. Just one infected APK is enough to compromise your phone and drain your bank account in minutes.