Online fraudsters are using new technology that bypasses security features of UPI apps to carry out financial transactions, cyber intelligence firm CloudSEK claimed in a report. Digital Lutera represents a structural attack on device trust. UPI apps process transactions after verifying the SIM of the phone number with which the account associated with it is installed in the mobile phone. The result is disturbing: a victim's UPI account can be registered and controlled on a completely different device - even though the actual SIM card never leaves the victim's phone," the report said. The cyber intelligence firm said that after manipulating the android device, it makes the UPI app believe that messages for verification have genuinely emanated from the smartphone.

Source: The Telegraph March 11, 2026 14:12 UTC