APK Fraud and SMS Forwarding: How Varanasi Police Dismantled a ₹8.38 Lakh Cyber Fraud Ring With Roots in Jamtara, Jharkhand
A sophisticated cyber fraud operation that siphoned ₹8,38,402 from a Varanasi resident's bank account has been busted by the Varanasi Police Commissionerate's cyber crime unit, with the arrest of two key operatives — including the gang's ringleader — from Andal in West Bengal's Paschimi Bardhaman district.
Varanasi, Uttar Pradesh | March 10, 2026: On January 5, 2026, Shri Anoop Gupta, son of late Tadaknath Gupta and a resident of Machharhatta under Ramnagar police station, approached the Cyber Crime police station in Varanasi with a written complaint. Gupta reported that cybercriminals had illegally hacked into his bank account and transferred a total of ₹8,38,402. An FIR (No. 02/2026) was promptly registered under Section 318(4) of the Bharatiya Nyaya Sanhita (BNS) and Section 66D of the Information Technology Act. As the investigation progressed, additional sections — 61(2), 317(2), 338, 336(3), and 340(2) of the BNS — were added to the case, reflecting the gravity and layered nature of the offence.
Accused Profile:
- Nageshwar Mandal, son of Rajesh Mandal — approximately 30 years old. Currently residing in village Bhadur, Andal, Paschimi Bardhaman, West Bengal. Permanent resident of village Mohanpur, Narayanpur, Jamtara, Jharkhand. He is the gang's ringleader and has a prior criminal record: FIR No. 39/2021 under Sections 414, 419, 420, 467, 468, 471, and 120B of the IPC, along with Sections 66B, 66C, and 66D of the IT Act, registered at Cyber Crime PS, Jamtara.
- Akshay Mandal alias Pintu, son of Lakhinder Mandal — approximately 24 years old. Currently residing in village Bhadur, Andal, Paschimi Bardhaman, West Bengal. Permanent resident of village Siyatad, Karmatad, Jamtara, Jharkhand.
Modus Operandi: RTO Challan Malicious APK
Jamtara: India's Phishing Factory Evolves Into a Malware Hub
The permanent addresses of both accused point to Jamtara, Jharkhand — a district that has become synonymous with organised cyber fraud in India. What began over a decade ago as a hub for rudimentary phishing calls — where young men would impersonate bank executives and trick victims into revealing card details over the phone — has evolved into something far more dangerous.
Jamtara's criminal networks have graduated from social engineering to software engineering. The current case demonstrates that these groups now build and deploy custom Android malware: Trojan-laden APK files bundled with SMS-forwarding capabilities. This is no longer a phone scam; it is a distributed cyber attack operation with dedicated roles for malware development, distribution, fund extraction, and money laundering through Telegram bots and mule accounts.

Police officials who deserve a pat!
The operation was executed by a well-coordinated team comprising Inspector Udaybeer Singh, Inspector Shivakant Shukla, Sub-Inspectors Alok Singh Yadav and Vivek Singh, Head Constable Rajnikant, Constables Chandrashekhar Yadav, Devendra Yadav, and Dilip Kumar, along with driver Vijay Kumar from the Social Media Cell.
The Android Vulnerability: Why Unrestricted Sideloading Is a Systemic Risk
At the heart of this fraud — and thousands like it across India — lies a fundamental architectural choice in Google's Android operating system: the ability to install applications from sources outside the Google Play Store, known as sideloading.
Unlike Apple's iOS, which until recently restricted app installation to its curated App Store, Android has historically allowed users to install APK files from any source — a browser download, a WhatsApp message, or a link in a fake RTO flyer. While this openness is often celebrated as a feature of user freedom, it is also the single largest attack surface exploited by cybercriminals targeting the Indian digital population.
The victims in cases like these are not careless technologists. They are ordinary citizens — shopkeepers, retirees, small business owners — who receive what appears to be an official government or banking notification and follow its instructions. Android's permission model, while improved in recent versions, still relies on the user to understand the implications of granting SMS access or device administration privileges to an unknown application. That is an unreasonable expectation for the vast majority of smartphone users.
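An added example, not part of the original report and not derived from the malware in this case: a static triage check over a decoded AndroidManifest.xml that flags the permission combination described above (SMS access together with a network or SMS egress path, plus a device-admin receiver). The sample manifest, its package name, and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: a decoded (text) manifest, not taken from any real APK.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.challan.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <receiver android:name=".SmsRx" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return finding labels for SMS-access and device-admin indicators."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = []
    # Reading SMS is only useful to a forwarder if the app can also send data out.
    reads_sms = perms & {P + "RECEIVE_SMS", P + "READ_SMS"}
    has_egress = perms & {P + "INTERNET", P + "SEND_SMS"}
    if reads_sms and has_egress:
        findings.append("sms-read-plus-egress")
    for receiver in root.iter("receiver"):
        # A receiver guarded by BIND_DEVICE_ADMIN is a device-admin component.
        if receiver.get(ANDROID_NS + "permission") == P + "BIND_DEVICE_ADMIN":
            findings.append("device-admin-receiver")
        for action in receiver.iter("action"):
            if action.get(ANDROID_NS + "name") == SMS_RECEIVED:
                findings.append("sms-received-listener")
    if P + "REQUEST_INSTALL_PACKAGES" in perms:
        findings.append("can-install-packages")
    return findings

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print("FLAG:", finding)
```

Legitimate messaging apps also request SMS permissions, so these flags are a prompt for review of an app from an unknown source, not a verdict.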
The investigation is ongoing under the supervision of the Deputy Commissioner of Police (Crime), Police Commissionerate, Varanasi.