On January 25th, Hariprasad Dhakal from Lalitpur received a sudden alert that his NIC bank account had been debited. Despite the bank claiming the deduction was an error, the money was not returned and continued to be taken from his account.
This led Dhakal to the district police complex in Lalitpur where an investigation was launched, resulting in the arrest of 8 individuals who were involved in hacking into people’s mobile phones through a malicious app. The leader of the group, a 20-year-old named Sahil Parbez, had created an app called “Nepali Girl.”
Over 20 individuals had fallen victim to the app and lost more than 5 million rupees. The group used the app to hack into people’s phones and steal money from their mobile banking and wallet accounts.
The police are investigating the case and have received 20 complaints so far, with the possibility of more victims. They suspect that the group may have also stolen other important information from the hacked phones.
Now it has been found that many Nepalese are at high risk of cyber attacks due to an APK. One after the other, mobile banking, digital wallet and social media users have been cheated due to the APK named ‘Nepali Girl’.
It is a type of ‘weapon’ designed to trap internet users and make them victims of cyber attacks. Which can enter your mobile anytime in the form of ‘APK’ i.e. application.
Asgar Ali, Cyber Security Department Head of F1 Soft, says that it monitors the user’s activities and sends APK files according to their interests.
“Suppose you visit porn sites, such cybercriminals find out your mobile number and send pornographic APKs as a lure. The latest case we found was one related to porn and another related to football,” he says, who is also involved in research on the APK named ‘Nepali Girl’.
Ali said that as soon as such messages are clicked, APK is installed in the back end and all necessary permissions are taken.
“Once installed, such an APK can record phone calls, messages, photo gallery, various apps and passwords of your mobile device from a super admin level,” he says, “It is a type of spyware app. ”
This means that an APK like ‘Nepali Girl’ can prove to be more dangerous than giving your mobile with your password to someone else. “In such a situation, even if the phone is in your hand, it is as if someone else has taken complete control of it,” says Aslam Ali, describing the level of risk.
Once such APK is installed on the mobile, it remains hidden even when it is restored and deleted. According to cyber researchers, similar spyware was first seen in China some time ago during forensic investigations. But this kind of malware and spyware apk has started spreading in Nepal since last two to three months.
“‘Nepali Girl’ is just a ‘rename’ of the same spyware apk. This APK is being spread with names like Football, WhatsApp, Messenger, Viber,” Ali continues, “The names are different, but we are seeing this in the current context of Nepal under the name ‘Nepali Girl’.”
Although it looks like they are made for spyware, incidents of such APKs being used in crimes like fraud and blackmail have started coming to the surface. According to Ali, from the investigation so far, it has been found that fraud has been committed through this APK, including money transfer from the user’s bank account.
“Especially people who don’t know what mobile banking is, seem to be suffering from this,” he says, pointing out the threat level of APK, “In such cases, customers’ personal details are collected through various means and accounts like mobile banking are opened through it.”
The number of people filing complaints to Cyber Bureau and Nepal Police saying that they have been cheated is increasing. Pashupati Roy, spokesperson of the Cyber Bureau, said that complaints have started coming in saying that they have been victimized through this kind of APK.
“We have already registered 10/12 such complaints,” he said, “We are carrying out necessary investigations on those cases.” However, there is no definite data about how many users of this type of APK have entered the mobile phones in Nepal.
Incidents of users of eSeva, PhonePe, FOne Soft, various mobile banking etc. being cheated through ‘Nepali Girl’ APK have come to the surface. It seems that the weakness of the concerned person is responsible for cheating users through this APK.
“This is not because of any bank or wallet’s security weakness,” says Ali. Our only weakness is that we are not sufficiently aware of the customer.”
The ‘Nepali Girl’ APK, which contains porn and sexual content, is specifically targeted at male users. “Are you also looking for a sex partner, rest assured now” is said in the message sent to the user.
A recent informal investigation revealed that more than two crore rupees were stolen from customers’ bank accounts due to such APKs. However, it is yet to be revealed how many customers of which banks were affected.
Nirmal Dahal, co-founder of cyber security firm Cryptogen, says that Android users are especially vulnerable to such risks. “Because of the lack of awareness among the users, such crimes are on the rise recently,” he says.
Vijay Limbu, another cyber security researcher and co-founder of Bhairav Technologies, also says that most of the malware and spyware apks are installed on mobiles due to the ignorance of the users. Also, due to the rush to download and open the app, some users do not even pay attention to which permission to grant or not.
