One click can wipe out your entire savings: Rise of counterfeit banking apps and how to stay safe

A man from Kerala’s Nedumbassery received a fake mobile banking update after withdrawing Rs 4 lakh from his Provident Fund to cover two major expenses. He downloaded the app, entered his credentials, and was shocked to find two alerts: one transaction of Rs 1.9 lakh and another of Rs 2.1 lakh, both listed as purchases. The Ernakulam Rural Cyber Police confirmed his worst fear: the app he downloaded was fake, laced with a screen-sharing tool. As he typed in his login details, scammers were watching in real time, taking full control of his bank account.

Counterfeit banking applications are fake versions of real apps created by cybercriminals to scam people. They replicate the original, often with slight changes in a letter, making it difficult for users to spot the difference at first glance. Criminals regulate the description of the counterfeit app using keywords that people typically search for when looking for the legitimate version.

Many apps even make it past security checks of major app stores like Google Play and the Apple App Store by obfuscating code, delaying malicious activity, or uploading a clean version first and pushing harmful updates later. Fake and unidentified apps use realistic interfaces to appear trustworthy to both users and app store reviewers, only to later commit cybercrimes.

Cybercriminals send APK files or shady links via social media, WhatsApp, ads, or messaging platforms, bypassing app stores entirely.