Ahmedabad: WhatsApp hacked after APK download, company loses Rs 31L

Ahmedabad: A 46-year-old businessman from Nikol on Monday lodged a complaint with the cybercrime police after Rs 31.42 lakh was siphoned off from his company's cash credit account through multiple online transactions within 20 minutes. The complainant, a resident of Nikol-Naroda Road, runs a submersible pump parts trading company in Naroda GIDC Phase-I, along with his partner. The company maintains a joint cash credit account with a private bank, linked to both partners' mobile numbers for transaction alerts, while OTPs are received only on the complainant's phone.According to the complaint filed on Feb 16, the unauthorized transactions were done after the complainant's partner received an APK file on WhatsApp on Jan 21 in a group message. The file, purportedly meant to check an RTO e-challan, sought Aadhaar and PAN details when opened. Suspecting something amiss, he immediately closed the file.On Jan 28, the complainant's partner's WhatsApp stopped working around 1pm. After he restarted the phone, he got a message stating the app would resume after OTP verification. Within 30 minutes, the account became active again.Around 7.58pm the same evening, both partners began receiving SMS alerts stating that funds were being debited from the company's Yes Bank account. Within 20 minutes, nine transactions amounting to Rs 31,42,665 were processed without their knowledge. The individual transactions ranged from Rs 55,000 to Rs 6.73 lakh. The complainant stated that no OTP was received for these transactions.A complaint was immediately registered on the cyber helpline. Around the same time, Rs 25,000 was also debited from the complainant's partner's personal savings account with the same bank, prompting a separate complaint. An investigation was initiated to trace the beneficiary accounts and the digital trail. Officials suspect the APK file may have been malicious and used to gain unauthorized access to banking credentials.