It often begins with a simple call on WhatsApp. A humble voice, claiming to be from your bank, and warning about “immediate issues” in your account. They request that you share your screen for a quick fix. The routine looks like troubleshooting, in fact, is a well -placed mesh.

In this relatively new mode of the scam, fraudsters posed as bank employees or financial services representatives and persuaded the victims to enable WhatsApp screen-sharing. Once the victim complies with, the fraudsters see in real time because sensitive details on the screen flash -password, OTP or bank account number.

In many cases, they increase fraud by asking the target to install screen-marring or remote-decatop apps under the guise of “resolution errors”.

This not only allows them to peep, but also misuse this data to record which keys are hitting their mobile phones and stealing files on their mobile phones, eventually this data misuses this data to hijack the victim’s bank account or withdraw money.

A 2025 report note by safe Internet India has been made on the strategy of tech -port-themed fraud. The difference is that it is happening on WhatsApp, the instant messaging app that has more than 53 crore users in India gives scammers a comprehensive target basis.

Kylogger threat

But the real danger does not end with screen sharing. Rapidly, scammers trick users to download malicious apps carrying hidden kelogors, screen tools that quietly record every keystroke. This call gives scammers access to the victim’s phone, long after the call is finished, sends sensitive information such as banking login and social media credentials.

India today analyzed a malicious APK (Android Package Kit), who is disguised as the Axis Bank app, and found that the suspected system requests permissions, including all established apps and continuous background activity access. If provided, the app can remain active even after rebooting the phone.

This motivates users to enable accessibility services, allowing it to capture every keystroke, screen interaction and even autofil data. With network access, stolen credibility and OTP can be sent directly to the attacker server.

Such keepers do not only enable immediate fraud. They allow long -term monitoring, identity theft and even resale of data stolen on the dark web.

The 2025 Global Mobile Threat Report published by the US-based Zimprium says that the apps downloaded from the non-official app store are among the top threats for the public sector in the US.

Be safe

Some steps have been given to avoid being victims of this scam below:

• Never share your screen on WhatsApp with anyone claiming to be a bank officer.
• Do not download APK sent via chat or link. Stick to the official app store.
• On-screen keyboards are available on many banks and financial firms websites and apps. Use them as they reduce contact with keyloggers.
• Update the devices regularly and report suspicious calls or links to your bank or cyber crime helpline (1930).