Monday - Sunday: 8am - 5pm
SysCare Sri LankaSysCare Sri LankaSysCare Sri Lanka
(+94) 076 0 454 562
info@syscare.lk
Sri Lanka
SysCare Sri LankaSysCare Sri LankaSysCare Sri Lanka
Enquire Now

Sri Lanka Police Warn of Dangerous APK Scam Draining Bank Accounts via WhatsApp and Telegram

  • Home
  • news
  • Sri Lanka Police Warn of Dangerous APK Scam Draining Bank Accounts via WhatsApp and Telegram

Malicious Android files disguised as wedding invitations and electricity bills are giving hackers full control of victims’ phones.

Sri Lanka Police have issued an urgent public warning about a rapidly spreading digital fraud targeting Android smartphone users. Cybercriminals are distributing malicious .apk (Android Package Kit) files through popular messaging apps, WhatsApp and Telegram, in a scheme designed to silently steal banking credentials and drain accounts.

Police Alert April 24, 2026

Sri Lanka Police and the CID Computer Crimes Division have confirmed multiple victims. The public is urged not to open any .apk file received via messaging apps, regardless of the sender.

The fraudulent files are cleverly disguised as everyday documents  wedding invitations, electricity bills, and lottery draw notices  to trick users into opening them. Because the files carry a .apk extension, clicking on one instantly and silently installs a malicious application on the victim’s Android device without their knowledge.

Once installed, the malware grants hackers complete remote control over the infected phone. Attackers can read all incoming SMS messages, intercept One-Time Passwords (OTPs) tied to mobile banking apps, and transfer funds out of accounts before the victim is even aware.

The SriLankan Airlines impersonation case

In a related case, police uncovered a targeted scheme where fraudsters impersonated SriLankan Airlines. Victims were contacted via WhatsApp and directed to download a file named SriLankan.apk from three fake websites. This app functioned as a banking trojan, also capturing biometric data such as fingerprints and facial recognition used for banking authentication.

SriLankan Airlines has confirmed it never contacts customers via WhatsApp or requests OTPs, banking PINs, or screen-sharing under any circumstances.

Coordinated attacks on Sri Lankan banks

Cybersecurity experts have also reported a separate wave of coordinated phishing attacks targeting more than a dozen Sri Lankan banks simultaneously. Fraudulent websites closely mimicking official bank portals including fake versions of HNB, Standard Chartered, DFCC, and others are being used to harvest login credentials and OTPs in real time.

SysCare IT Training image 1 2

How to protect yourself

  • Never download or open .apk files received via WhatsApp, Telegram, or any messaging app
  • Only install apps from the official Google Play Store or Apple App Store
  • Disable “Install Unknown Apps” in your Android phone settings immediately
  • Never share OTPs, PINs, or banking passwords with anyone  including people claiming to be bank staff
  • Always type your bank’s URL directly into the browser; do not click links from messages
  • If you suspect you’re a victim, suspend your bank accounts immediately and report to the nearest police station or CID Computer Crimes Division