APK App Scam

Modified on Fri, 08 Mar 2024 at 04:44 PM

During your everyday Internet use or while scrolling through social media platforms, you might encounter irresistible offers for products or services. However, it's essential to remain cautious, as some of them could turn out to be scams, and you could end up with an empty bank account!


A scam app can:

  • Take charge of your device, open your banking app and initiate or approve fund transfers.
  • Guide you to fraudulent payment pages that send your banking credentials to the scammer.
  • Read SMS messages containing your TAC/OTP.


Learn how it works:

  • Scammers impersonate genuine businesses and grab your attention by offering a range of attractive deals.
  • Scammers will then suggest moving the conversation to an encrypted messaging app.
  • Subsequently, scammers will send the victim an .APK (Application Packaging Kit) file or a link to install an unverified app for the purpose of scheduling appointments and making payments.
  • Once the APK file has been downloaded, the scammers will then run the malicious APK file on the device to extract the information needed.
  • The victim will receive a request to grant the app permission to send and view SMS. This enables the scammers to get the TAC number for banking transactions.
  • The victim will then be directed to a fraudulent payment page, which closely resembles the authentic online banking login page, where the banking username and password will be captured by the scammers.
  • With the acquired information, the scammers can initiate a bank transaction and gain access to the victim's SMS for TAC verification, thus enabling them to withdraw all the funds from the victim's bank account.


Scammers usually convince their victims to install the APK malware files through:

  • Attractive offers, such as:
    • Festive promotions
    • Cheap air-conditioning services
    • Affordable maid / cleaning services
    • Cheap travel packages
    • Exclusive restaurants
    • Special discounts
  • Wedding invitations
  • One-on-one chatting, and many more.


How to spot a scam app:

  • Unrealistic offers

The advertised products or services appear to be too good to be true.

  • High-pressure tactics

You are pushed into making an immediate decision, often accompanied by claims that the opportunity is limited, like "Last day! As Low As RMXX" or "Sign up Now to enjoy free gift worth RM X,XXX".

  • Suspicious link

Scammers will always share a URL and prompt the victim to download a third-party app.

Things to keep in mind:

  • DO NOT trust deals that seem too good to be true.
  • DO NOT rush into decisions, and don't let anyone pressure you into acting quickly.
  • Keep your device safe by regularly updating its operating system and apps to get the latest security fixes.
  • Tighten your device's security by using a trusted antivirus on your smartphone or mobile devices, and make sure to keep it updated regularly.
  • Avoid clicking on suspicious links sent through SMS or messaging services, as they might collect your information or download malware to your device.
  • Only download Android apps from trusted sources like the Google Play Store. If you must use apps from other places, make sure they're from reputable sources and read reviews.
  • Before installing an app, check the permissions it asks for and make sure it comes from a known author or publisher.

To report this issue, please get in touch with us.

Rest assured that CelcomDigi is actively taking measures to ensure our customers do not fall prey to such scams.
