Saturday, Mar 21, 2026 23:15 [IST]
Last Update: Saturday, Mar 21, 2026 17:40 [IST]
A nationwide alert has been raised as LPG cylinder-related cyber scams continue to surge across India, with fraudsters misusing the names of major providers like Bharat Gas, Indane, and HP Gas to target consumers. While authorities have confirmed that there is no actual shortage of LPG cylinders, rumours circulating online have created panic, which cybercriminals are actively exploiting through fake booking links, messages, and calls.
Incidents reported from states including Maharashtra, Punjab, Odisha, Karnataka, and Uttarakhand show a clear pattern. Victims are receiving SMS and WhatsApp messages claiming issues with LPG booking, payment failures, subsidy updates, or threats of connection disconnection. These messages often appear legitimate, using familiar company names and branding, making it difficult for users to identify the fraud. In many cases, victims are redirected to fake booking websites or asked to install mobile applications that result in financial loss.
Cybersecurity experts at TraceX Labs have revealed that these attacks are far more advanced than traditional scams. Many of the files being circulated are trojanized APK applications embedded with Remote Access Trojans (RATs). Once installed, these apps silently take control of the victim’s device, allowing attackers to monitor activity, read messages, capture OTPs, and gain unauthorized access to banking and UPI applications.
The threat becomes more severe with the use of advanced UPI bypass techniques, where attackers manipulate authentication tokens to execute transactions without triggering standard user verification. This enables fraudsters to drain money quickly and discreetly, often without immediate detection. Such techniques are increasingly being used in modern mobile malware campaigns targeting financial systems.
Another alarming aspect of this scam is its chain-based spread mechanism. Once a device is compromised, the malware can automatically access contacts and forward malicious links or APK files to friends and family via messaging apps. Since these messages originate from trusted contacts, recipients are more likely to click on them, unknowingly continuing the cycle. This viral spread makes the scam harder to contain and allows it to expand rapidly across networks.
Apart from malware-based attacks, fraudsters are also deploying fake LPG booking websites that closely resemble official portals of Bharat Gas, Indane, and HP Gas. Additionally, they are using QR code scams promising cashback and screen-sharing apps to gain full remote access to devices. Victims are often convinced they are completing a routine booking or verification process, while in reality, they are exposing sensitive financial information.
Experts emphasize that this is a well-organized cybercrime operation combining social engineering, malware deployment, and financial exploitation. The attackers rely on fear, urgency, and trust in well-known LPG brands to manipulate users into acting without verification.
To stay safe, consumers are strongly advised to use only official LPG booking platforms and verified distributor channels. They should avoid clicking on unknown links, never download APK files from untrusted sources, and strictly refrain from sharing OTPs, UPI PINs, or banking details. Even messages received from known contacts should be verified, as compromised devices can unknowingly spread malicious content.
Authorities across India are actively working to spread awareness and curb these scams. Citizens are urged to remain calm and avoid panic-driven actions. In case of suspected fraud, immediate reporting to the national cybercrime helpline 1930 can help reduce potential financial loss.
This rise in LPG cylinder scams highlights how cybercriminals are evolving their methods by blending misinformation, trusted brand impersonation, and advanced malware techniques. Awareness and vigilance remain the strongest defenses against such rapidly growing digital threats.
