RTO Challan APK scam: India’s digital landscape faces yet another cyber threat. A new scam, targeting WhatsApp users with a fake “RTO E-Challan” APK, has started making rounds. Designed to look like an official message from India’s Regional Transport Office (RTO) or “MParivahan,” the file tricks users into installing malware that can compromise their devices and even get their WhatsApp numbers banned.
Reports suggest that the scam spreads rapidly. Users receive an APK file—Android’s application installation format—via WhatsApp, often from a contact they know. The file is labeled with official-sounding names like “RTO E Challan” or “MParivahan” to make it seem authentic.
However, clicking on the APK can compromise the device, steal personal information, and automatically forward the malicious file to all contacts. Several users have reported that interacting with this file has even led to their WhatsApp accounts being temporarily or permanently banned.
Once installed, the malicious APK gains access to your device and its settings. It can:
Extract sensitive personal information stored on your phone
Alter device settings to propagate itself
Automatically send the same APK to your contacts, turning your phone into an unwitting distributor
Potentially compromise the integrity of your WhatsApp account
Even a single accidental click can trigger the malware. The scam capitalizes on familiarity and urgency, users are more likely to click because the file comes from a trusted contact. The consequences are far-reaching: personal data theft, system compromise, and potential account suspension.
Do not download or open APK files from WhatsApp or SMS messages, even if they appear to come from known contacts.
Remember: Government agencies, including the RTO, do not send APK files through WhatsApp.
Delete suspicious messages immediately and avoid forwarding them to others.
If you’ve already clicked the file: Disconnect your phone from the internet immediately
Run a complete antivirus scan using a trusted security app
Locate and uninstall the malicious APK from your phone settings
Change all important passwords, especially for email, banking, and social media accounts.
This scam shows how cybercriminals are leveraging technology and social engineering to target everyday users. As digital adoption grows, so do the methods of cyber theft. WhatsApp users, in particular, need to exercise caution, double-check messages, and maintain up-to-date security software on their devices.