Tech / Society / Crime

Scammers have sent APK files disguised as wedding invitation PDFs to thousands of Bengaluru residents. Those who opened the file had their contacts, messages, and banking apps compromised. The scam works because Indians cannot ignore a wedding invitation. This is a known vulnerability. It is now being exploited.

By Prompt Engineer Pandey  |  May 11, 2026  |  Tech / Society

BENGALURU — Cybercriminals have discovered the single most effective vector for attacking Indian mobile phone users: the wedding invitation. Thousands of Bengaluru residents have received WhatsApp messages from unknown numbers containing what appears to be a wedding invitation — a PDF titled something like "Sharma_Wedding_Invitation.pdf" or "Riya_Weds_Rohan_Invite.apk" — that is actually a malicious APK file. Those who clicked it and installed it handed the attackers full access to their contacts, messages, photos, and in many cases their banking applications.

The scam is elegant in its cultural specificity. In India, wedding invitations arrive from numbers you don't recognise because the bride or groom's cousin who has been tasked with digital distribution has your number from a shaadi.com inquiry in 2019 and has never spoken to you since. You do not question the unknown number. You do not question the PDF. You open it because you have been opening wedding invitations from unknown numbers your entire adult life and there has never been malware in one before. Until now. Congratulations, cybercriminals. You have studied us.

"The file looks exactly like a wedding invitation PDF."— Bengaluru Cyber Crime police, May 11, 2026. Of course it does. The scammers used marigold borders, a Ganesha in the top left, Palatino font, and an ivory background. They did the research. They attended to the details. This is, unfortunately, impressive.

The Bengaluru Cyber Crime police have issued an advisory: do not open APK files received on WhatsApp, even if they appear to be from known contacts, even if they appear to be wedding invitations, even if the Ganesha looks legitimate. Indians are being asked to be suspicious of wedding invitations. This is the most psychologically complex cybercrime advisory ever issued. The police know this. They issued it anyway. They had no choice. The malware is in the mandap.

Wedding Invite ScamBengaluru MalwareAPK WhatsAppGanesha Top LeftPalatino Font HackMalware In The Mandap
Disclaimer: Satire. The wedding invitation APK scam in Bengaluru is real and reported today by LatestLY and Cyber Crime police. The detail about Ganesha and Palatino font is editorial embellishment. The cultural analysis is accurate and free of charge. — Ed.