“Digital Lutera” Malware Targets UPI Users: Cybercriminals Exploit New Toolkit to Hijack Bank Accounts

Synopsis: Cybersecurity researchers have identified a sophisticated fraud toolkit named “Digital Lutera” that allows attackers to bypass security features of UPI apps and gain control over bank accounts. The malware spreads through Telegram groups and malicious APK files, enabling fraudsters to intercept OTPs and execute unauthorised digital payment transactions.

Cybercriminals Use ‘Digital Lutera’ Toolkit to Bypass UPI Security Systems

A sophisticated cyber fraud operation has been uncovered where attackers are exploiting advanced technology to bypass security protections in UPI-based payment applications. Cyber intelligence firm CloudSEK reported that cybercriminals are deploying a toolkit known as “Digital Lutera” to manipulate mobile operating systems and gain unauthorized access to users’ bank accounts.

According to the report, this toolkit enables attackers to compromise device-level security controls, allowing them to execute financial transactions without the victim’s knowledge.

Telegram Groups Fuel the Spread of Digital Lutera Malware

The investigation identified at least 20 active Telegram groups where the Digital Lutera toolkit is being shared and discussed among cybercriminals. Each group reportedly has more than 100 members actively involved in deploying the malware for fraudulent activities.

Shobhit Mishra, Threat Researcher at CloudSEK, explained that the toolkit represents a structural attack on device security. When a mobile device’s operating system is compromised, common safeguards such as SIM-binding and application signature verification may become ineffective.

Experts warn that if such techniques remain unchecked, they could lead to large-scale account takeover attacks across India’s digital payments ecosystem.

How the Digital Lutera Fraud Mechanism Works

Cybersecurity analysis revealed that transactions worth approximately Rs. 25–30 lakh were executed within just two days in a single fraud network group, highlighting the speed and scale of this operation.

The fraud typically begins when a victim unknowingly installs a malicious APK file disguised as a legitimate notification. These fake notifications may appear as:

  • Traffic challan alerts
  • Wedding invitations
  • Delivery notifications
  • Government or service alerts

Once installed, the malware gains permission to access SMS messages on the device.

Attackers then use specialized Android framework tools on their own devices to manipulate system identity and intercept bank-related messages. Registration SMS messages and OTPs generated by banks are automatically forwarded to Telegram channels controlled by the fraudsters.

To avoid suspicion, fake “sent” messages are inserted into the victim’s phone records, creating the illusion that transactions were authorised.
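The infection chain above depends on a sideloaded app that can read SMS and reach the network. The following triage sketch is an added example, not code from the CloudSEK report or this article; it flags that combination in an app inventory. The package names and the inventory records are constructed, and the trusted-installer list is an assumption to adapt per environment.

```python
# Added triage example; package names and inventory below are constructed.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption: extend per fleet
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_WRITE = {"android.permission.SEND_SMS", "android.permission.WRITE_SMS"}
INTERNET = "android.permission.INTERNET"

SAMPLE_INVENTORY = [  # constructed sample, e.g. exported from an MDM
    {"package": "com.example.echallan.notice", "installer": None,
     "permissions": ["android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
                     "android.permission.SEND_SMS", INTERNET]},
    {"package": "com.example.messages", "installer": "com.android.vending",
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS", INTERNET]},
    {"package": "com.example.torch", "installer": None,
     "permissions": ["android.permission.CAMERA"]},
    {"package": "com.example.notes", "installer": "com.android.vending",
     "permissions": [INTERNET]},
]

def triage(app):
    """Return (severity, reasons) for one inventory record."""
    perms = set(app.get("permissions", []))
    sideloaded = app.get("installer") not in TRUSTED_INSTALLERS
    reads_sms = bool(perms & SMS_READ)
    reasons = []
    if sideloaded:
        reasons.append("installed outside a trusted store")
    if reads_sms:
        reasons.append("can read incoming SMS, including OTPs")
    if reads_sms and INTERNET in perms:
        reasons.append("can relay SMS content off the device")
    if perms & SMS_WRITE:
        reasons.append("can send SMS or write SMS records")
    if sideloaded and reads_sms and INTERNET in perms:
        return "high", reasons
    if sideloaded or reads_sms:
        return "review", reasons
    return "ok", reasons

def flag_apps(inventory):
    """List (package, severity, reasons) for every app that is not 'ok', high first."""
    rows = [(a["package"],) + triage(a) for a in inventory]
    order = {"high": 0, "review": 1}
    return sorted((r for r in rows if r[1] != "ok"), key=lambda r: (order[r[1]], r[0]))

if __name__ == "__main__":
    for package, severity, reasons in flag_apps(SAMPLE_INVENTORY):
        print(f"{severity:6} {package}: {'; '.join(reasons)}")
```

A store-installed messaging app lands in "review" rather than "high", which keeps the top tier reserved for the sideloaded, SMS-reading, network-capable pattern the article describes.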

UPI Accounts Can Be Controlled Without Removing SIM Card

One of the most concerning aspects of this technique is that fraudsters can register and operate a victim’s UPI account on a completely different device without physically removing the victim’s SIM card.

This is possible because the malware secretly forwards OTPs and verification messages to the attackers, allowing them to complete the registration and authentication process remotely.

Cybersecurity firm CloudSEK has reportedly alerted regulators and financial institutions about the threat so that preventive measures can be implemented.

Safety Tips to Protect Against Digital Payment Fraud

Cybersecurity experts have advised users to remain cautious while installing mobile applications and responding to unknown digital notifications.

Users should follow these safety practices:

  • Install applications only from trusted platforms such as official app stores.
  • Avoid downloading APK files from unknown sources.
  • Never share OTPs or banking credentials with anyone.
  • Verify suspicious messages or alerts before clicking on links.
  • Regularly update mobile devices and security software.

Experts emphasize that digital awareness and strong user verification practices remain the most effective defence against evolving cyber threats.

Growing Cyber Threats in the Digital Payments Ecosystem

The emergence of tools like Digital Lutera highlights the increasing sophistication of cybercriminal networks targeting digital financial systems. With the rapid expansion of UPI and mobile banking in India, cybercriminals are constantly attempting to exploit technological vulnerabilities.

Authorities and cybersecurity professionals believe that stronger digital awareness campaigns, proactive monitoring systems, and enhanced regulatory safeguards are essential to protect users from large-scale financial fraud.

📌 Key Takeaway

Cybersecurity researchers have identified the “Digital Lutera” malware toolkit that can bypass UPI security safeguards by intercepting OTPs and manipulating device-level controls. Users are strongly advised to avoid installing suspicious apps and follow strict digital safety practices to prevent financial fraud.
