Fake Mahanagar Gas APK Scam Drains Bank Accounts Using Call Forwarding Tricks

Cyber fraudsters are allegedly targeting customers of Mahanagar Gas Limited through a sophisticated scam involving fake gas bill alerts, malicious Android APK files, and call forwarding tricks designed to steal banking credentials and drain victims’ accounts.

Cybersecurity officials have warned that the scam is spreading rapidly across Maharashtra and Karnataka, with fraudsters exploiting fears of gas service disconnection to pressure users into taking immediate action.

Fraudsters Impersonate Mahanagar Gas Customer Support

According to reports, victims receive SMS messages or WhatsApp calls claiming their gas connection is about to be disconnected because of unpaid bills. The scammers allegedly pose as MGL customer care representatives and create urgency to manipulate users into responding quickly.

Victims are then sent links to download fake APK applications disguised as official Mahanagar Gas apps. Cybersecurity experts warned that these APK files are malicious Android installation packages capable of giving attackers remote access to mobile devices.

Officials stated that the fraudsters often rely on panic tactics and fake payment deadlines to prevent victims from verifying the authenticity of the messages.

Malicious APKs Used to Capture Banking Data

Investigators said that once the fake app is installed, cybercriminals may gain access to banking applications, passwords, personal information, and one-time passwords (OTPs) stored on the device.

In several reported cases, scammers allegedly instructed victims to dial specific mobile codes under the pretext of customer verification or account activation. Cyber experts warned that these codes can enable call and SMS forwarding services, allowing attackers to intercept OTPs and banking alerts without the victim’s knowledge.

Authorities believe the combination of remote device control and OTP interception enables fraudsters to conduct unauthorized banking transactions within minutes.

Victims Across Multiple States Report Financial Losses

Reports suggest that more than 100 individuals were allegedly targeted over the past month, with financial losses in Mumbai alone reportedly exceeding ₹2.7 crore. Victims included senior citizens, business owners, teachers, and domestic workers from Maharashtra and Karnataka.

In one incident under investigation, a 60-year-old resident from Thane allegedly lost more than ₹3.1 lakh after installing a malicious APK sent by individuals pretending to represent Mahanagar Gas. Police said unauthorized withdrawals were detected shortly after the application was installed on the victim’s phone.

Authorities Issue Cyber Safety Advisory

Cybercrime officials have strongly advised users never to download APK files received through SMS messages, WhatsApp links, or unknown sources. Authorities clarified that legitimate Mahanagar Gas services do not require customers to install unofficial applications for bill payments or account verification.

Users have also been warned against sharing OTPs, banking credentials, or personal information over calls and messaging platforms.

Experts recommend verifying all payment requests directly through official customer care channels and reporting suspicious activity immediately through government cybercrime portals or local police units.