“Sir, we’re seeing some irregular activity on your card… did you authorize a ₹38,000 payment to Travel Now Dubai?”
The voice on the other end of the phone was calm, maybe too calm. But for Mr. Srinivas Rao, a 52-year-old businessman from Nagole, it wasn’t just the question that chilled him, it was the realization that he hadn’t swiped his card in days.
“No,” he replied slowly, his heart beginning to race. “I didn’t. Wait, what’s going on?”
What followed was nothing short of a modern-day digital horror story, one that’s becoming all too familiar in cities like Hyderabad.
The Transactions That Never Asked for Permission
It began with a string of silent deductions, eight of them, ranging from ₹6,000 to over ₹40,000. All from two of his credit cards: one from RBL, the other from YES Bank.
No OTPs. No alerts. Just money vanishing into the black hole.
Srinivas checked his SMS inbox. Nothing. Email? Silent. It was only when he logged into his banking app that he saw the trail of destruction. ₹1.52 lakh, gone.
“I didn’t even get a chance to say no,” he later told the cybercrime team. “It just… happened.”
The Mystery App on His Phone
Still confused, he began combing through his phone. And then something caught his eye.
A dull green icon sat tucked away between other apps. “PM Kisan Yojana,” it read.
“Strange,” he mumbled. “I never applied for that scheme. Why would I download this?”
He couldn’t remember installing it, and yet, there it was.
By now, the pieces were falling into place.
Cybercrime Meets Subtle Infiltration
This wasn’t your average scam, the kind that asks you to click a shady link or share OTPs with a stranger. No. This one was stealthy.
All it took was one fake app, likely installed unknowingly via a malicious link disguised as something useful or official, and the rest was just silent theft.
By the time Srinivas reached the cybercrime cell in Rachakonda, similar complaints were already piling up.
“It’s becoming common,” said one officer. “These apps hide inside phones like ghosts. They look harmless, but once installed, they scan your device for passwords, banking data, and give remote access to scammers sitting halfway across the world.”
Not an Isolated Case
Srinivas isn’t alone.
Earlier this year, a private sector employee fell for a similar trick.
She received a WhatsApp link claiming to be part of a central scheme, complete with a downloadable “dashboard app.”
That one tapped into her ICICI credit card. Thankfully, she reported it in time, and ₹97,998 was recovered.
But most aren’t that lucky.
What Can You Do?
The scary part? These apps aren’t on the Play Store or the App Store.
They’re side-loaded through APK files, shared via WhatsApp or Telegram, and designed to mimic real government initiatives. Once you click ‘install’, it’s already too late.
If Srinivas could rewind time, he probably would’ve done a few things differently:
- Never installed apps from unknown sources.
- Reviewed phone app permissions regularly.
- Kept a closer eye on his bank transactions.
- Set alerts for all card activity, even the smallest ones.
But hindsight, as they say, is always 20/20.
Final Thoughts: Ghost Apps in a Digital World
As more of our lives go digital, so do the risks. What happened to Srinivas could happen to anyone, your family member, your co-worker, maybe even you.
The next time an app asks you for permissions it shouldn’t need, pause. The next time someone sends you a government scheme link on WhatsApp, ask why they didn’t just send it to your inbox from an official domain.
Because sometimes, it’s not just what you download, it’s what downloads you.
