A fake Facebook APK, a Singaporean ‘friend,’ and a fabricated crypto trading app cost a Kondapur software employee his life savings over three months.
HYDERABAD, April 6 — Veerabhadra Rao didn’t wire Rs 2.36 crore to a stranger on day one. He did it slowly, transaction by transaction, over three and a half months while a fake app on his phone showed his fortune growing.
The Kondapur software employee is the latest casualty in an escalating cyber fraud epidemic sweeping India’s IT hubs. And this one didn’t rely on panic or threats. It relied on a meticulously constructed digital illusion called the “Facebook Store.”
Rao lodged a formal complaint with the Cyberabad Cybercrime Police this weekend. The details of the FIR lay out a playbook that blends social engineering with crypto-laundering. The scammers didn’t hack his bank. They convinced him to empty it himself.
It started in August 2025 with a simple friend request.
The profile belonged to a woman calling herself Kora. She had a tight, believable backstory. Kora told Rao she was originally from Singapore, currently working in Mumbai, but living in Hyderabad with her mother and stepfather. She wasn’t asking for money. She was just chatting.
For days, they exchanged messages. Then, she moved the hook.
Kora casually mentioned she had friends in Germany and other countries who were making massive profits trading on something she called the “Facebook Store.” She invited Rao to join a Facebook group. She told him he should start trading if he had spare capital.
Rao refused. But scammers have patience. They kept the pressure low and the promises high. Eventually, he caved.
Kora sent him a link to access the trading platform. When the link failed to open on his device, she offered a quick workaround. She sent him an APK file. This is an Android application package that bypasses official app stores. It strips away Google Play’s security checks and installs directly onto the device. Rao downloaded it.
What installed on his phone looked exactly like a legitimate Facebook interface. It wasn’t.
The syndicate designed the app as a closed ecosystem, built solely to display fabricated market data and non-existent profits. Kora instructed Rao to buy and sell items within this storefront. To ensure he felt supported, she shared the contact number of a “German friend” named Bella, who would serve as his trading advisor.
Under Bella’s direct instruction, Rao began moving money. Between September 1 and December 12, 2025, he funneled a staggering Rs 2.36 crore into the platform.
He didn’t use standard bank transfers. He used a crypto wallet. This is where the money actually vanished, converted into untraceable digital assets the moment it left his control. Cryptocurrency operates outside the jurisdiction of traditional banking guardrails. Once you authorize a transfer to an external wallet, the blockchain permanently records the transaction, but the identity of the receiver remains hidden behind an alphanumeric string.
Did the app show him losing money? No.
That’s the cruelest part of the con. The dashboard displayed massive, consistent profits. Rao saw his initial investments multiplying. The screen validated every lie Kora and Bella told him. But when he finally tried to withdraw his supposed earnings, the platform locked him out. It offered no withdrawal option.
He begged Kora for the money back. He demanded his original capital. They ghosted him.
Cyberabad Police have registered a case and launched an investigation. But recovering funds routed through international crypto wallets is a notorious dead end for Indian law enforcement. The money scatters across decentralized exchanges, fractured into fractions of Bitcoin or Tether, and disappears.
This isn’t an isolated incident. Scams targeting high-earning tech professionals in Hyderabad, Bengaluru, and Pune have skyrocketed. The fraudsters know exactly who has disposable income, and they know how to exploit the tech-savvy ego. They wrap their theft in the language of exclusive alpha-trading and IPOs.
A single bad click cost a man everything.
Investigators at the Cyberabad cybercrime desk see this pattern daily. It’s a variation of the classic “pig-butchering” scam—a term coined by the syndicates themselves. They fatten the victim with fake returns before slaughtering their bank accounts. The grooming phase is slow. The perpetrators invest weeks building a rapport, establishing trust, and mirroring the victim’s interests. Kora didn’t lead with a pitch. She led with a conversation about living in Hyderabad. She made herself tangible.
The use of a fake APK file is particularly insidious. By sidestepping the Google Play Store, the scammers pushed malicious software onto Rao’s device without triggering standard malware alerts. The syndicate designed the app to mimic Facebook’s blue-and-white architecture flawlessly. For a user accustomed to trusting Big Tech platforms, the visual familiarity overrides critical thinking. It looks real, so it must be safe.
But the real genius of the operation was the introduction of Bella. By splitting the roles—Kora as the friendly confidante, Bella as the authoritative financial advisor—the syndicate created a fake consensus. If two independent people validate the platform, the victim feels secure. It’s a psychological pincer movement.
Now, the Cyberabad police are trying to trace the digital footprints. They will request logs from the cryptocurrency exchanges used to route the funds. They will track the IP addresses associated with Kora and Bella’s communication. But seasoned investigators know these trails usually lead to compromised servers in Cambodia, Myanmar, or Eastern Europe. The syndicates operate out of massive, heavily guarded compounds, often using trafficked labor to run the chat scripts. Getting a subpoena enforced in these jurisdictions is legally impossible. The trail goes cold the moment the crypto crosses an international border.
The scale of the theft Rs 2.36 crore places this among the higher-end individual losses recorded in Hyderabad this year. It wipes out years of savings, investments, and future security. Often, victims in this bracket don’t just lose cash reserves. They liquidate mutual funds. They break fixed deposits. They take out massive personal loans to keep feeding the fake platform, convinced that just one more deposit will unlock their trapped profits. Rao’s complaint details a relentless bleeding of assets over three full months.
Law enforcement agencies repeatedly issue advisories about downloading third-party APKs and transferring crypto to unverified trading platforms. But the warnings rarely reach the targets until it’s too late. The syndicates adapt faster than the public awareness campaigns. They change the names of the fake apps, the scripts they use, and the platforms they exploit.
For Veerabhadra Rao, the reality is already clear. The millions he saw on his screen were never real, but the money he lost absolutely was.
