Beware of the Fake “SriLankan APK” App Scam Impersonating SriLankan Airlines

Information continues to be reported regarding financial frauds perpetrated in cyberspace through the impersonation of reputable institutions. Presented below is an analysis of one such organised financial scam, carried out via a fraudulent “SriLankan.apk” application that misuses the name of SriLankan Airlines.

Explainer:

The Sri Lanka Police have issued a statement indicating that they have uncovered details of a dangerous financial fraud being carried out through “.apk” files currently circulated via WhatsApp and Telegram. These files, which are often sent to users disguised as wedding invitations, electricity bills, or raffle tickets, appear to be images or PDF documents. However, once opened, they install malicious software onto the device. Through this, hackers are able to gain control of the phone’s screen and access SMS messages.

Through this method, perpetrators are able to obtain confidential one-time password (OTP) codes associated with bank accounts. In light of these risks, the Sri Lanka Police has advised the public to refrain from downloading or opening suspicious “.apk” files received from unknown sources, even if they appear to originate from acquaintances.

The public is further urged to install applications exclusively through trusted platforms such as the Google Play Store or the Apple App Store, and to ensure that the “Install Unknown Apps” option is disabled within device settings. If you are caught in such a fraud, immediately suspend your bank accounts and inform the nearest police station or the Computer Crime Investigation Division of the Criminal Investigation Department. The relevant announcement is declared here.

Furthermore, the Sri Lanka Police has issued a statement indicating that an individual engaging with users via WhatsApp, falsely claiming to represent a service of SriLankan Airlines, directs users to one of several fraudulent websites, namely https://srilankan.wuozgo.cc, https://srilankan.vaco.cc, and https://srilankan.krgo.cc, through which a malicious mobile application titled “SriLankan.apk” is installed on their devices. It has further been revealed that this application functions as a banking Trojan, facilitating an organised scheme of financial fraud.

It has been observed that, upon installation of this application, the perpetrators are able to obtain remote access to affected mobile devices, thereby enabling the exposure and compromise of sensitive data stored on those devices.

It has been discovered that these fraudsters are obtaining One-Time Password (OTP) codes, bank account details, and authentication data (including fingerprints and facial recognition) through the “SriLankan.apk” application, and subsequently transferring funds to other bank accounts via unauthorised transactions. It has also been identified that multiple WhatsApp numbers are being used in this process, and the relevant contact numbers provided in the notification issued by the Sri Lanka Police are set out below.

Phone numbers:

077 – 4558361

011 – 7771979

074 – 1142208

077 – 5791209

074 – 3268200

The full announcement is found here.

Reports were also made through the mainstream media regarding the related smuggling. Those media reports are located here, available here, and here.

SriLankan Airlines

In a statement issued in this regard, SriLankan Airlines stated that it has identified fraudulent activities conducted by certain individuals impersonating staff members via WhatsApp and direct telephone calls. It has been reported that these fraudsters have induced users to install mobile applications on their devices and have subsequently requested the disclosure of sensitive financial information, including one-time passwords (OTP), bank PINs, and credit card details. The statement further clarifies that SriLankan Airlines does not contact customers via WhatsApp, nor does it make telephone calls for ticketing, promotional activities, or any other purpose. It is further emphasised that SriLankan Airlines never requests confidential information such as one-time passwords (OTP), bank PINs, or credit card details, and does not instruct customers to install any mobile applications. SriLankan Airlines requests customers to use its official website www.srilankan.com only. The full announcement is here.

Sri Lanka Computer Emergency Response Forum (SL CERT)

The Sri Lanka Computer Emergency Readiness Team (SL CERT) has issued a notice on its official Facebook page, warning that a fraudulent message is currently circulating on social media claiming to offer discounted flight tickets.

How the SriLankan.apk financial scam works

Scammers contact you via a WhatsApp message or a phone call. They present themselves as official employees of SriLankan Airlines.

They build your trust by making attractive promises like special discounts on flights, promotional offers, ticket assistance, or cashback.

Users are redirected to fraudulent websites controlled by the perpetrators (e.g., srilankan.wuozgo.cc, srilankan.vaco.cc, srilankan.krgo.cc), under the pretext of providing additional information or special offers. From these sites, users are instructed to download and install a software application titled “SriLankan.apk” on their mobile devices.

Once the software is installed, it requests permission to access messages and files, and to enable remote control of the device. Upon granting these permissions, fraudsters gain the ability to remotely operate the phone.

The application functions as a “banking Trojan,” covertly extracting banking application credentials, passwords, and other sensitive financial data.

Even in the absence of any active banking transactions by the user, the perpetrators are able to gain access to the account and, through this application, directly intercept one-time password (OTP) codes received on the device. Ultimately, they covertly transfer funds from victims’ bank accounts to other accounts without authorisation.

Rise of APK-Based Scams

APK scams are a growing cybercrime trend where attackers trick people into installing Android app files (APKs) from untrusted links instead of official app stores.

Typical pattern

Impersonation: Scammers pose as trusted organisations.
Urgency: They pressure targets to act quickly.
Install: They send an APK via WhatsApp, SMS, Telegram, or fake sites.
Takeover: The app requests permissions like SMS and accessibility to control the device.
Theft: Malware can intercept OTPs and steal banking credentials, enabling unauthorised transfers.

Steps to follow to protect yourself from these sophisticated cyber scams

Never open unrecognizable links received through WhatsApp or text messages.
Do not download any software onto your phone outside of official software stores like the Google Play Store or the Apple App Store.
While installing any app, if it asks for permission to read your SMS or control the phone, be very careful.
Individuals are strongly advised never to disclose One-Time Passwords (OTP), CVV numbers, or passwords to any party, including those purporting to represent banks or airlines.
Users should always access SriLankan Airlines services exclusively through its official website.

If you have been affected by such a scam, or possess information regarding attempted fraud, you are urged to immediately report it to the relevant authorities listed below: