Residents in Bengaluru are being targeted with fake wedding invitations sent through WhatsApp that contain malicious APK files disguised as digital invites. Cybercriminals are reportedly using these files to gain access to users’ smartphones, including sensitive banking and personal information. One businessman has allegedly lost nearly INR 5 lakh after downloading and installing the attachment. The scam message usually arrives from an unknown number or, in some cases, from a compromised contact that appears familiar to the recipient. The invitation looks genuine at first glance, using formal wording, wedding-themed emojis, and an attached file named something similar to “Wedding Invitation.apk” to trick users into opening it.
How the Wedding Invitation Scam Works
The message typically reads: “We’re happy to invite you to our wedding. Kindly download the attached invitation for complete details,” followed by emotional lines requesting the recipient’s presence and blessings. Once the APK file is installed, malware can silently enter the device and potentially steal banking credentials, OTPs, contacts, messages, and other sensitive data. Many in Bengaluru are receiving this fake wedding invite on WhatsApp with an APK file attached. Downloading and installing this APK steals sensitive data from ur phone.
Users To Avoid APK Downloads
CoinDCX co-founder Sumit Gupta also reacted to the scam and stressed the need for stronger digital awareness among users. “People need to know the difference between JPEGs and APKs,” he wrote, urging individuals to educate family members and elderly users about the dangers of downloading random files from messaging apps. Cybersecurity experts say such scams are not entirely new but are becoming increasingly common during India’s wedding season, when people are more likely to trust invitation-related messages. Similar cases have been reported in various states, with several victims losing large sums of money after unknowingly installing malware via APK attachments.
Bengaluru Residents Asked To Stay Alert
Police and cybercrime authorities across India have repeatedly advised users not to install APK files received via WhatsApp, Telegram, SMS, or email unless they come from a trusted and verified source. Android devices usually display security warnings before installing apps from unknown sources, but many users bypass these prompts, believing the file is legitimate. Experts also warn that scammers often use compromised phones to spread such messages further. This makes the fake invitation appear as if it was sent by a friend, colleague, or family member, increasing the chances of victims opening the attachment.
Safety Tips To Avoid Falling Victim
Users are advised not to download or install APK files received through messaging platforms, especially from unknown or suspicious contacts. Invitations should always be verified directly with the sender through a phone call or another trusted communication channel. Experts also recommend asking for image-based invitations instead of app files, enabling two-factor authentication on banking accounts, monitoring financial activity regularly, and reporting suspicious messages to cybercrime authorities or local police immediately.
ALSO READ: Jacqueline Fernandez Not A Victim, Accepted Sukesh’s Gifts: ED Rejects Plea To Turn Approver
