The Sri Lanka Police have issued a warning to the public about a dangerous new financial scam being carried out through “.apk” files sent via WhatsApp and Telegram.

According to authorities, these malicious files are often disguised as wedding invitations, electricity bills, or prize notifications. Users may mistakenly believe they are opening an image or PDF, but once clicked, harmful software is installed on their mobile devices.

This malware allows hackers to gain control of the phone’s screen and access sensitive data, including SMS messages. As a result, one-time passwords (OTP) related to bank accounts can be intercepted without the user’s knowledge, putting their finances at serious risk.

The police strongly advise the public not to download or open any suspicious “.apk” files, even if they appear to come from a known contact or a familiar name.

Additionally, users are urged to only download applications from trusted sources such as the Google Play Store or Apple App Store. It is also recommended to disable the “Install Unknown Apps” option in phone settings to prevent unauthorized installations.

If anyone suspects they have fallen victim to such a scam, they should immediately take steps to secure their bank accounts and report the incident to the nearest police station or the Computer Crimes Investigation Division of the Criminal Investigation Department.