list.lk
Police Expand Warning on Banking Trojan Scam: Malicious .apk Files Disguised as Various Notices via WhatsApp and Telegram
The Pulse
EconomyCrimeTechHOTThursday, April 23, 2026

Police Expand Warning on Banking Trojan Scam: Malicious .apk Files Disguised as Various Notices via WhatsApp and Telegram

TLDR

  • Police warn of banking trojan via malicious .apk files.

  • Scammers use WhatsApp/Telegram, disguised as SriLankan Airlines, bills, etc.

  • App grants remote access, stealing OTPs and SMS messages.

  • Immediately suspend bank accounts and report to Police/CID.

Both SriLankan Airlines and Sri Lanka Police have issued public warnings about a significant increase in scam activities targeting the airline's customers. Fraudsters are reportedly impersonating airline staff through WhatsApp messages and direct phone calls, directing individuals to install a malicious "SriLankan.apk" mobile application. This app, distributed via three identified fraudulent websites (srilankan.wuozgo.cc, srilankan.vaco.cc, and srilankan.krgo.cc), functions as a banking trojan, granting unauthorized remote access to mobile phones. The scheme aims to expose sensitive financial data such as one-time passwords (OTPs), banking PINs, and credit card information, enabling criminals to conduct fraudulent transactions. SriLankan Airlines has clarified that it does not contact customers via WhatsApp or make unsolicited calls for ticketing or promotional purposes.

4 Updates

Update #5\u00b7 Apr 26 · 4:46 AM

Police have further clarified that the malicious .apk files can be received from an unknown number, in addition to appearing to come from trusted contacts. The harmful software grants hackers access to sensitive data including SMS messages, alongside One-Time Passwords (OTPs). Authorities are now advising victims to immediately suspend their bank accounts and report the incident to the nearest police station or the Computer Crime Investigation Division of the Criminal Investigation Department.

Update #4\u00b7 Apr 25 · 7:18 AM

Police have expanded their warning regarding the banking Trojan scam, clarifying that the malicious .apk files are also being distributed via Telegram, in addition to WhatsApp. The fraudsters are using various new disguises beyond airline impersonations, including wedding invitations, electricity bills, and lottery notices. Once installed, the harmful software grants hackers the ability to control the victim's mobile device screen and access sensitive data, even if the file appears to come from a trusted contact or friend. Authorities reiterate the importance of not downloading or opening any suspicious .apk files.

Update #3\u00b7 Apr 24 · 3:47 AM

Authorities have now identified the three fraudulent websites used by scammers to distribute the malicious 'SriLankan.apk' application. These websites are https://srilankan.wuozgo.cc, https://srilankan.vaco.cc, and https://srilankan.krgo.cc.

WhatsAppPost on X

Pulse Check — How do you feel?

Sign in to vote

Discussion

No comments yet. Be the first to share your thoughts!