Phishing attack targeting Indian users with fake electricity subsidy app

A new Android phishing campaign is targeting Indian users by posing as the PM Surya Ghar: Muft Bijli Yojana, a government initiative launched in February 2024 that offers solar rooftop installation subsidies. Attackers exploit this scheme to trick victims into installing malware, promising free electricity units through a fake mobile application.

Phishing attack targeting Indian users with fake electricity subsidy appPhishing attack targeting Indian users with fake electricity subsidy app

Distribution and Social Engineering The attack starts with YouTube videos promoting the subsidy, embedding shortened URLs that redirect to a phishing site mimicking the official portal at pmsuryaghar.gov.in. This fake site includes misleading registration instructions and a deceptive Google Play icon that downloads a malicious APK from GitHub.

Phishing attack targeting Indian users with fake electricity subsidy appPhishing attack targeting Indian users with fake electricity subsidy app

The APK, named PMBY, installs a secondary malicious APK called PMMBY under the guise of a “Secure Update.” To evade detection, the installation prompts users to disable mobile data or Wi-Fi, although some antivirus solutions can still detect the threat.

Remote Command Execution Once launched, the malware presents a fake interface prompting users to select their electricity provider and requiring a phone number and a nominal ₹1 payment via a simulated UPI process. This leads to the exfiltration of sensitive banking details.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net