Wedding Invitation Scam: Bengaluru Businesswoman Duped of INR 5 Lakh After Downloading Fake Invite APK File on WhatsApp
A Bengaluru businessman lost INR 5,00,440 after clicking a fraudulent wedding invitation on WhatsApp. The "invite" was a malicious APK file that granted scammers access to his banking apps. Police have registered a case under the IT Act and BNS, as experts warn citizens to never download executable files from unknown WhatsApp contacts.
A 42-year-old businessman in Bengaluru has reportedly lost INR 5,00,440 after falling victim to a sophisticated cyber fraud involving a fake wedding invitation sent via WhatsApp. Noor Nahid Khan was targeted with a message containing an Android Package Kit (APK) file disguised as a digital wedding card. Upon downloading the file, the victim unknowingly granted the attackers remote access to his smartphone, allowing them to siphon funds from his bank account through multiple unauthorised UPI transactions within a nine-minute window.
Bengaluru Police Shares Mechanism of the APK Malware Attack
The fraudulent message was crafted with enticing language, inviting the recipient to download an attachment for ceremony details. According to the Bengaluru police, the APK file served as a gateway to install a malicious application outside the official Google Play Store. Once installed, the software likely gained permissions to access sensitive areas of the device, including banking applications, Google Pay, and private stored information. Wedding Invitation Scam: Fake Invites on WhatsApp Target Bengaluru Residents With Malicious APK Files.
Scammers Actively Preying on People With Fake Invite APK File
Digital literacy is the need of the hour!
People need to know the difference between JPEGs and APKs.
NEVER download or install random .apk files sent via WhatsApp from unknown numbers, even if it looks like a harmless wedding invite.
Scammers are actively preying on this… https://t.co/0ZKEHYrYEs
— Sumit Gupta (CoinDCX) (@smtgpt) May 11, 2026
Â
On April 16, between 4:45 am and 4:54 am, the attackers executed a series of rapid transactions to drain the victim's account. Investigators believe this incident is part of a larger, organised cyber fraud operation targeting mobile users across the city using similar social engineering tactics.
Legal Action and Cyber Crime Investigation
Following a formal complaint, local authorities have registered a case against unknown persons under Sections 66(C) and 66(D) of the Information Technology Act, 2000, which cover identity theft and cheating by personation using computer resources. Additionally, charges have been filed under the Bharatiya Nyaya Sanhita (BNS), 2023.
The police have warned that these files are particularly dangerous because they operate silently in the background. Unlike standard digital invitations, which are typically shared as JPEG, PNG, or PDF files, these malicious APKs contain executable code designed to compromise the operating system of the receiver's phone.
Urgent Call for Digital Literacy in India
The incident has sparked widespread concern regarding digital awareness. Sumit Gupta, co-founder of the cryptocurrency firm CoinDCX, took to social media to urge users to exercise extreme caution. He emphasised that "digital literacy is the need of the hour," noting that many users struggle to distinguish between safe image files and dangerous executable packages. What Is ‘Emergency Call’ Scam? Zerodha CEO Nithin Kamath Reveals How This New Fraud Works (Watch Video).
Security experts advise that legitimate organisations and individuals rarely send APK files for invitations. Users are urged to never install files from unknown sources and to educate family members on "basic digital survival skills" to prevent similar financial losses in the future.
(The above story first appeared on LatestLY on May 11, 2026 09:27 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).
