What are the red flags of this scam?

Legitimate wedding invitations are shared as images, PDFs, or website links — never as .apk files • The file name contains words like 'Wedding,' 'Shaadi,' 'Invitation,' or 'Card' with an .apk extension • The sender is unknown, or the message comes from a contact whose phone may have been compromised • After installation the 'card app' requests Accessibility Services or SMS permissions — a greeting card needs neither • Bank OTP alerts arrive for transactions you did not initiate, shortly after installing the file

What should I do if this happened to me?

Do not install any .apk file received via WhatsApp, SMS, or any messaging app — real invitations are never APK files • If you already installed it: immediately remove the SIM, call your bank from another phone to freeze your account and block UPI • Uninstall the APK; if you cannot identify all installed apps, factory-reset the device and change all banking PINs and passwords from a clean device • If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it. • Report at https://cybercrime.gov.in or call 1930 (national cyber helpline).

HIGH phishing Share

WhatsApp "wedding invitation" is actually an APK that empties your bank account

A WhatsApp APK file disguised as a digital wedding card silently grants attackers full access to SMS, OTPs, and banking apps, draining the victim's account within minutes of installation.

Also known as: shaadi card APK scam, WhatsApp wedding invite malware, digital wedding card fraud, fake invitation APK fraud, festive greeting APK scam

Already happened to you? Do this in the next few minutes

Call 1930 now

1 Call 1930 — the national cyber-crime helpline — right now. The sooner you report, the better the chance of freezing the money before it moves.
2 Call your bank to freeze the account and block the card immediately. Use the number printed on your card, never a number from the message or caller.
3 File a report at cybercrime.gov.in and keep every message, screenshot, and transaction ID.
! If you installed any "support", "server", "refund", or remote-access app at their request (AnyDesk, TeamViewer, Quick Support, etc.): disconnect the internet now, then run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.

What to do right now

1 Do not install any .apk file received via WhatsApp, SMS, or any messaging app — real invitations are never APK files
2 If you already installed it: immediately remove the SIM, call your bank from another phone to freeze your account and block UPI
3 Uninstall the APK; if you cannot identify all installed apps, factory-reset the device and change all banking PINs and passwords from a clean device
4 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
5 Report at https://cybercrime.gov.in or call 1930 (national cyber helpline).

Was remote-access software installed?

If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.

Run SeraphSecure to detect and remove it →

Red flags

⚠ Legitimate wedding invitations are shared as images, PDFs, or website links — never as .apk files
⚠ The file name contains words like 'Wedding,' 'Shaadi,' 'Invitation,' or 'Card' with an .apk extension
⚠ The sender is unknown, or the message comes from a contact whose phone may have been compromised
⚠ After installation the 'card app' requests Accessibility Services or SMS permissions — a greeting card needs neither
⚠ Bank OTP alerts arrive for transactions you did not initiate, shortly after installing the file

Known variants

Bank KYC or govt-scheme APK (2026 Karnataka/Gujarat surge): APK disguised as ICICI KYC, HDFC update, Bank of India PAN update, courier tracking, or PM-Kisan registration app. Karnataka saw 190% APK fraud rise in 4 months; Gujarat homemaker lost ₹7.46 lakh to fake BOI KYC APK (May 2026). Delhi Police arrested sellers of fully-undetected APKs at ₹4,000 each.

Last seen: 6/9/2026
SBI Rewards APK (2025–2026): SMS/WhatsApp says your NetBanking reward points (₹8k–₹18k) 'expire today — install SBI Reward app to redeem.' The APK grabs SMS/Accessibility, intercepts OTPs, auto-forwards to all WhatsApp contacts. SBI never sends APK reward links.

Last seen: 5/25/2026
Cockroach Janta Party APK (May 2026): Exploiting viral Gen-Z political satire movement, fraudsters share a fake 'official party app' APK via WhatsApp and Telegram. The APK is a full RAT: intercepts OTPs and SMS, steals contacts and banking credentials via Accessibility Service abuse. TraceX Labs rated CRITICAL.

Last seen: 5/27/2026
Fake doctor appointment APK: victim searches online for a hospital or specialist number, caller shifts to WhatsApp and sends 'Doctor_Appointment.apk'. Malware intercepts banking OTPs and silently transfers funds. ₹4.5 lakh lost in Hyderabad (Jan 2026); ₹18 lakh in Anupshahr; ₹50,000 in Agra.

Last seen: 5/29/2026

Already happened to you? Do this in the next few minutes

What to do right now

Red flags

Known variants

Sources