Fake Traffic-Challan Through WhatsApp: Cyber Fraud Cases Surge Across Tripura, India
Santosh Kumar
November 26, 2025
A new wave of sophisticated cyber fraud is rapidly spreading across Tripura and India as cybercriminals exploit WhatsApp and Telegram to distribute dangerous trojanised Android applications. The latest investigation reveals that fraudsters are using fake traffic-challan alerts to deceive users into downloading malicious APK files disguised as official government apps.
The most alarming disguise is a counterfeit version of NextGen mParivahan, an app closely resembling the Ministry of Road Transport & Highways’ official platform. The genuine mParivahan app provides digital access to driving licences, vehicle registration certificates, and other essential transport services. But the fraudulent version, distributed through WhatsApp messages, contains potent malware.
The scam begins with users receiving a WhatsApp message claiming to be an official traffic violation notice. The message includes fabricated details such as challan numbers and vehicle registration data, giving it an authentic look. When the user clicks the link, they are prompted to download a seemingly legitimate app. Instead, they unknowingly install malware designed to steal sensitive information.
Cybersecurity researchers have uncovered a wider network of misleading apps beyond fake traffic services. These include names like RTO Challan, E-Challan APK, Wedding Invitation, and even adult-themed apps such as Bhabhi Calling and Video Call APKs. Once installed, these apps quietly embed themselves in the device and automatically forward harmful links to the victim’s WhatsApp and Telegram contacts. Because the links appear to come from trusted sources, the malware spreads at high speed, turning entire personal networks into targets.
A cybersecurity analyst highlighted the shift in tactics:
“Fraudsters no longer rely on random cold calls. They are now exploiting trust within personal contact networks to distribute malware. Our investigation shows that scam hubs across India are heavily involved in organising these operations.”
According to investigators, these campaigns have already resulted in financial theft running into crores of rupees.
At the heart of this threat are Remote Access Trojans (RATs), malicious tools that give attackers full control over the victim’s smartphone. Once granted permissions such as SMS access, file storage, and accessibility services, these RATs can intercept OTPs, manipulate banking apps, steal personal data, activate the camera and microphone, and even conduct unauthorised financial transactions. In many cases, victims lose money within minutes before they realise what has happened.
The reliance on WhatsApp and Telegram for distribution has made the threat far harder to contain. Since the malicious links come from familiar contacts, users are more likely to trust and install the apps without suspicion. This social engineering tactic creates a chain reaction that spreads across communities with alarming speed.
Cyber experts stress that public awareness is the strongest defence. Citizens are urged to:
* Avoid downloading apps from third-party links or unknown sources.
* Install apps only from trusted platforms like Google Play Store or Apple’s App Store.
* Stay alert to apps requesting excessive permissions, especially SMS and accessibility access.
* Keep mobile devices updated and review app permissions regularly.
* Use reliable mobile security/antivirus apps.
For those who suspect they may have installed a malicious app, immediate action is essential. Victims should uninstall the suspicious app, change their banking passwords, and temporarily disable UPI transactions. Cyber fraud cases should be reported through the national helpline 1930 or via cybercrime.gov.in.
Cybersecurity organisations continue working with law enforcement to track these evolving threats. Experts warn that although such scams are spreading nationwide, certain regions show higher activity levels. They emphasise that the era of cold-call phishing is giving way to a more sophisticated and dangerous trend, trojanised APKs spreading through personal networks.
Staying cautious, verifying every unsolicited message, and practising strong digital hygiene remain the most effective tools for protecting against these rising cyber threats in India.
(Tripurainfo)
more articles...