Private company in Bengaluru found selling bulk voter data to candidates in Karnataka Assembly polls
Cyber Crime Branch officials file FIR against company
New Delhi: At the threshold of the Assembly elections in the state, a private firm in Bengaluru has been found selling voter data in bulk.
While the owners are yet to be traced, the company has been found advertising on its website openly that it has ‘sensitive information’ related to voters, including their mobile phone numbers and WhatsApp numbers, reports The News Minute.
The potential clients are given login access by the company and can purchase the voters’ information and other services from the website, for as low a price as Rs 25,000.
Investigation on the domain details of the website revealed that it was registered in Delhi in April this year, but all other details on the website had been redacted by the company.
The Election Commission has been investigating if the company could have been used to bribe the voters to provide such information, by crediting funds into the voters’ accounts through the Unified Payments Interface (UPI).
The matter of the data sale by the company came to light when Raju, an independent candidate, informed the EC after he was called on phone and offered voter data for a price. Raju spoke to Srinivas, the officer in-charge of enforcement of the Model Code of Conduct, about the matter. The officer, in turn, roped in the police, who registered a complaint on April 24.
An FIR has also been registered by the Cyber Crime Branch (Southeast Division) officers in Bengaluru against the private company in this regard.
On logging in to the website of the private company, it was found that the dashboard declared that the website contained data of up to 6.5 lakh voters, including 3.45 lakh male, 2.93 lakh female and 5,600 other voters. It is yet to be confirmed about the total data that the company has and if the data pertains to specific constituencies, says The News Minute.
Sources in the EC have expressed concern that the format of the data being sold is similar to what is stored on Eronet, the government portal with the EC data on voters and which only election officials can access.
This is the second voter scam discovered in Karnataka in the last six months. In November 2022, ‘Chilume’, a private company, was found to have collected personal data from lakhs of Bengaluru voters. The company staff had posted it as officials of the Bruhat Bengaluru Mahanagara Paliker (BBMP).
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
TraceX Guard Strengthens National Safety Against Mobile Cyber Threats
India is witnessing a sharp rise in trojanised Android APK scams, as cybercriminals increasingly exploit fake government, banking, LPG, challan, and welfare scheme apps to seize full remote control of victims’ smartphones.
Cybersecurity investigators warn that attackers are now widely deploying Remote Access Trojan (RAT) malware, often powered by leaked builder kits such as CraxsRAT and heavily modified custom payload frameworks. Once installed, these malicious APKs can convert an ordinary Android phone into a fully controlled fraud device, enabling silent surveillance, banking theft, and mass scam propagation.
These malware campaigns are primarily being distributed through WhatsApp, Telegram, SMS phishing links, and fake APK download websites, where users are tricked into installing apps disguised as:
- e-Challan apps
- SBI KYC verification tools
- PM Yojana portals
- mParivahan clones
- LPG booking apps
- fake adult video call apps
As the scale of the threat intensifies, cybersecurity startup TraceX Labs has introduced TraceX Guard, positioning it as a frontline mobile defence platform against APK fraud, RAT infections, QR scams, and malicious permission abuse.
Fear-Based Social Engineering Behind the Surge
According to investigators, these frauds typically begin with panic-driven social engineering messages sent over WhatsApp or Telegram.
Common bait messages include:
- Your traffic challan has been issued
- Your SBI KYC is pending
- PM Yojana verification required
- Your LPG cylinder booking failed
- Your bank account will be blocked
These alerts often include fake challan numbers, vehicle details, Aadhaar-linked references, or forged bank notices, creating a sense of urgency that pushes victims to install the malicious APK without verification.
One of the most dangerous variants currently in circulation is a fake mParivahan-style application, which closely mimics India’s legitimate transport services interface while secretly embedding a hidden RAT payload.
How the Malware Takes Over Smartphones
Once installed, the malicious APK immediately requests dangerous permissions, including:
- Accessibility access
- SMS permissions
- Call logs
- Notifications
- File storage
- Battery optimization exemptions
Security researchers say Accessibility Service abuse remains the most critical attack vector, allowing the malware to silently:
- read screen contents
- detect banking and UPI apps
- auto-click Allow / Confirm / Pay buttons
- capture OTPs
- launch hidden overlays
- navigate banking sessions
- trigger silent fund transfers
Because these actions occur directly on the victim’s trusted device, attackers are often able to bypass traditional fraud detection systems.
Within minutes, victims may lose control over:
- bank balances
- UPI wallets
- Aadhaar and PAN scans
- contact lists
- personal photos and media
- incoming calls
- SMS OTPs
In many cases, the malware also self-propagates by forwarding malicious APK links through the victim’s own WhatsApp groups and Telegram chats, triggering a chain infection effect across trusted social circles.Fake RTO Challan APKs Become the Most Dangerous Variant
Among the most active campaigns, fake RTO challan APK scams have emerged as one of the most financially destructive.
Victims are first lured into paying a ₹1 “verification fee”, after which the malicious app requests highly sensitive information such as:
- card number
- expiry date
- CVV
- UPI PIN
- net banking credentials
- even ATM PINs
Cybersecurity experts stress that no legitimate government payment system ever asks for an ATM PIN inside an app, making this an immediate red flag.
Once payment details are entered, the embedded RAT intercepts OTPs and silently completes unauthorized transactions.
India’s Mobile Fraud Crisis Reaches Critical Levels
Investigators estimate that more than 70% of reported cyber fraud cases in India now originate from mobile devices, with millions of complaints linked to:
- malicious APKs
- phishing URLs
- QR scams
- RAT droppers
- banking session hijacks
- WhatsApp fraud chains
The impact is particularly severe across Tier-2 and Tier-3 regions, where smartphone adoption has expanded faster than awareness around:
- APK sideloading risks
- dangerous permissions
- fake banking overlays
- accessibility abuse
- WhatsApp APK scams
This has effectively turned Android smartphones into the primary battlefield of India’s financial cybercrime ecosystem.
TraceX Guard Introduced as a Real-Time Defence Layer
In response to this rapidly evolving threat landscape, TraceX Labs has launched TraceX Guard, an AI-powered multilingual Android security suite built specifically for India’s APK fraud ecosystem.
The platform offers:
- real-time APK scanning
- malicious permission detection
- hidden app discovery
- RAT behaviour monitoring
- QR & phishing URL safety grading
- OTP and SIM fraud alerts
- Wi-Fi hotspot verification
- ransomware defence
- India-specific scam intelligence feeds
- support for 10+ regional languages
Its offline-first AI architecture allows users to scan threats without uploading personal data, making it especially useful for privacy-conscious users and low-connectivity regions.
TraceX Labs says the system is specifically trained to detect patterns used in:
- fake challan scams
- counterfeit SBI APKs
- PM Yojana malware
- wedding invitation APK attacks
- honey-trap adult apps
- Telegram-based RAT droppers
From Phishing to Malware-Driven Financial Warfare
Cybersecurity analysts say this marks a major shift in India’s digital threat landscape.
What once began as simple phishing links has now evolved into malware-driven financial warfare at scale, where a single infected smartphone can silently compromise:
- families
- WhatsApp groups
- banking accounts
- local communities
- social trust networks
With losses from mobile-first fraud already running into tens of thousands of crores, experts believe the future of cyber defence will increasingly depend on preventive mobile security tools capable of stopping unsafe APKs before installation.
In that battle, TraceX Guard is emerging as one of the most important first lines of defence for India’s digital users.
Download Now : https://play.google.com/store/apps/details?id=com.tracexlabs.guard
