Beware of New Year 2026 greeting links as authorities flag malware scam on WhatsApp
As people across India prepare to welcome New Year 2026 with messages and digital greetings, cybercrime authorities have issued a caution about a fresh scam circulating on WhatsApp and other messaging platforms. Officials say seemingly harmless New Year greeting links are being used to spread malware that can steal personal and banking information from smartphones.
Cyber units in Telangana, including Hyderabad Police and the Telangana Cyber Security Bureau (TGCSB), have flagged a rise in messages that appear as personalised New Year cards, festive animations, or digital gifts. These messages often urge users to click a link to “view your greeting” or “claim a New Year surprise,” and in some cases appear to come from a known contact or a family group.
According to officials, the risk begins as soon as the link is opened. Instead of displaying a greeting, the link redirects users to download an APK file on Android devices, often named with festive titles such as “Happy New Year.apk.” Once installed, the file can silently run malware in the background without obvious signs.
Police sources say this malware is capable of accessing sensitive data stored on the phone, including SMS messages, contact lists, photo galleries and banking alerts. Because it can read incoming one-time passwords, attackers may be able to bypass two-factor authentication and carry out unauthorised financial transactions. In several reported cases, compromised phones have also been used to automatically forward the same malicious link to contacts, allowing the scam to spread quickly.
Cyber officials note that these scams rely heavily on trust rather than fear or urgency. During festive periods, people are more likely to open links shared within family or workplace groups without verifying them. TGCSB officials have warned that this makes New Year and festival seasons especially attractive for fraudsters looking to exploit lowered digital caution.
Authorities have advised users to avoid clicking on links that ask them to install or update an app simply to view a greeting. They recommend sticking to plain text messages, images or videos shared directly within the app, and downloading applications only from official app stores. Enabling WhatsApp’s two-step verification and regularly checking linked devices can also add an extra layer of protection.
Officials have also reminded users to stay alert to other account takeover methods, including recent reports of attackers misusing WhatsApp’s device-linking feature to gain unauthorised access. While investigations into such techniques are ongoing, police say basic digital hygiene remains the most effective defence.
If someone accidentally clicks on a suspicious link or installs an unknown app, cyber experts advise acting immediately. Disconnecting the device from the internet, uninstalling unfamiliar applications, and informing the bank can help limit potential losses. Reporting the incident quickly is critical, as early action improves the chances of blocking fraudulent transactions.
Victims or suspected victims can contact the national cybercrime helpline at 1930 or file a complaint through the official cybercrime reporting portal. As authorities continue to monitor a surge in festive-season scams, they are urging people to celebrate responsibly online as well as offline, ensuring that a New Year greeting does not turn into an avoidable financial setback.
