Recently, a cybersecurity expert named Dr. Arif Hakimi shed light on a deceptive tactic used by scammers to access personal data stored on mobile phones. In a detailed TikTok video, Dr. Arif shared his own experience after his wife received a suspicious "wedding invitation" via WhatsApp, which turned out to be a scam.
A Seemingly Innocent File With a Hidden Threat
According to Dr. Arif, the invitation message included a file labeled as a PDF (Portable Document Format). However, upon closer inspection, the file was actually an APK (Android Package Kit), a file format used to install apps on Android devices.
"So I want to show you what's inside that APK file and how this scammer or hacker accesses our phone. Let's take a look at how they do it," Dr. Arif said in the video.
@dr.arif.hakimi Be careful, this is how scammers or hackers take the data in your phone. This video will show the modus operandi of scammers who use a wedding card invitation and send an APK file to take the victim's personal data.
To demonstrate, he had his wife forward the suspicious file to his own phone, allowing him to investigate it further using a computer.
Inside the Malicious APK File
After extracting the file, Dr. Arif revealed several alarming commands embedded within the APK. These commands were designed to manipulate the phone's operating system and grant the scammer unauthorized access to the device. Among the functions enabled by the APK were:
Reading and receiving SMS messages
Accessing call logs
Automatically reactivating the malicious app when the phone is restarted
Gaining access to WhatsApp, MMS, emails, and more
Once this sensitive information is collected, the scammer sends it to a Telegram account through an API (Application Programming Interface).
"Then, after they extract the data from WhatsApp, email, MMS, they will compile everything and send it to... well, the source, where the collected data is sent, we call it an API," Dr. Arif explained. "An API to Telegram. This means the hacker or scammer is using Telegram to receive our data via this API."
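The following Python example is added here and is not taken from Dr. Arif's videos: it checks whether an attachment whose name says PDF is really an APK by looking at its bytes, then searches the app manifest for Android permissions that correspond to the functions listed above. The permission mapping, the file names and the sample bytes are assumptions constructed for this example.

```python
import io
import zipfile

# Android permissions matching the capabilities listed in the article
# (mapping chosen for this example; the article does not name them).
RISKY_PERMISSIONS = [
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.RECEIVE_BOOT_COMPLETED",
]

def inspect_attachment(name: str, data: bytes) -> dict:
    """Compare what an attachment's name claims with what its bytes are."""
    report = {"name": name, "actual": "unknown", "mismatch": False, "permissions": []}
    if data.startswith(b"%PDF-"):
        report["actual"] = "pdf"
    elif data.startswith(b"PK\x03\x04"):
        report["actual"] = "zip"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if "AndroidManifest.xml" in zf.namelist():
                    report["actual"] = "apk"
                    manifest = zf.read("AndroidManifest.xml")
                    # Compiled manifests keep strings as UTF-8 or UTF-16LE.
                    report["permissions"] = [
                        p for p in RISKY_PERMISSIONS
                        if p.encode("utf-8") in manifest
                        or p.encode("utf-16-le") in manifest
                    ]
        except zipfile.BadZipFile:
            report["actual"] = "corrupt-zip"
    # A name that mentions "pdf" while the content is not a PDF is the lure.
    claims_pdf = "pdf" in name.lower()
    report["mismatch"] = claims_pdf and report["actual"] != "pdf"
    return report

def build_sample_apk() -> bytes:
    """Constructed, harmless stand-in: a ZIP with a fake manifest blob."""
    manifest = b"\x03\x00\x08\x00" + "".join(RISKY_PERMISSIONS[:2]).encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_attachment("Wedding Invitation.pdf.apk", build_sample_apk()))
    print(inspect_attachment("invite.pdf", b"%PDF-1.7\n%constructed sample"))
```

The byte-level permission search is a triage heuristic; a full review would decode the binary manifest with a dedicated Android analysis tool.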
What Happens to the Stolen Data?
Dr. Arif went on to explain that all the extracted data, including app types, contact numbers, messages, and phone model information, is compiled into a single file. This file is then transmitted directly to the scammer's Telegram account.
This method, he warned, is often used to gain access not just to social media accounts, but also to sensitive banking information stored on victims' phones.
A Warning to the Public
In another video, Dr. Arif demonstrated what happens when someone downloads an APK file onto their phone. He strongly advised against attempting this at home due to the potential danger involved.
@dr.arif.hakimi What will happen if we install the scammer's APK? Let's see what this APK app looks like after we have installed it.
One notable point he made was how these malicious APK files are often disguised with generic names like "setting," making it easy for users to overlook or misunderstand their presence.
Before an APK file is installed, Android devices typically prompt users to approve the installation. However, Dr. Arif emphasized that many users, especially the elderly, tend to click next repeatedly without reading the permissions being granted.
"It's the same with the elderly. Sometimes older people aren't familiar with technology, they just keep pressing 'next, next.' And eventually, the APK or the manual is downloaded onto the phone," he said.
Positive Public Response
The comment section of Dr. Arif's video was filled with praise from viewers who appreciated his educational content. Many expressed interest in learning more about how APK files are used by scammers to exploit mobile phone users.
Dr. Arif's warning serves as an important reminder to always remain vigilant when receiving unsolicited files or links, even from familiar platforms like WhatsApp. As mobile scams become more sophisticated, understanding the tactics used by cybercriminals is key to staying safe.