Android Security Alert: CERT-In Issues Critical Warning for All Users
This is a critical Android security alert for all users in India. The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has issued a fresh warning this week. The advisory covers multiple critical vulnerabilities that could allow attackers to take control of affected devices remotely. I have reviewed the technical bulletins and spoken with security researchers to understand what this Android security alert means for the average user. Here is a detailed breakdown of the risks, the affected systems, and the steps you must take to stay safe.
What CERT-In Said About This Android Security Alert
The latest advisory (CIVN-2026-0016) warns of a vulnerability in the Dolby audio component that could lead to memory corruption and remote code execution. Another bulletin highlights multiple flaws in the Android kernel, Qualcomm chips, MediaTek processors, and NVIDIA components. The most severe of these could let attackers install malicious software, access personal data, or create new accounts with full privileges. The agency has rated the risk as “high” for all Android users in India. This Android security alert should not be ignored.
New Malware Toolkit: “Digital Lutera” Targets UPI Accounts
Alongside the OS-level flaws, researchers at CloudSEK have identified a fraud toolkit named Digital Lutera, designed to bypass SIM binding and hijack UPI accounts. This malware spreads via fake apps on Telegram – disguised as traffic challan notices or wedding invitations. Once installed, it intercepts SMS messages and generates a device binding token, allowing attackers to reset UPI PINs and drain bank accounts without the victim’s knowledge. The attack works because telecom networks treat the traffic as legitimate traffic coming from the victim’s SIM.
CloudSEK has reported over 20 Telegram groups distributing this toolkit. They have shared their findings with financial institutions and authorities. For a deeper look, read our explainer on Digital Lutera and the original CloudSEK report.
Arsink Malware: Remote Access Trojan Spreading via Fake Apps
Google also recently warned Android users about Arsink Malware, a dangerous Remote Access Trojan (RAT) that spreads through “mod” or “premium” versions of popular apps like WhatsApp, Instagram, YouTube, and Facebook. These apps are shared via Telegram, Discord, and third-party websites. Once installed, Arsink can read messages, access call logs, record audio through the microphone, and steal files. Google clarifies that Play Protect blocks these apps, but users who sideload are at risk.
Fake Government Apps: The Armenian Precedent
A similar scam was recently uncovered in Armenia, where a fake government “cashback app” named ArmScan.apk was distributed via a spoofed domain. The app claimed users could scan purchase invoices and receive government subsidies – a classic social engineering hook. It was classified as a Trojan/Dropper, capable of stealing data and downloading additional malicious modules. While this campaign targeted Armenian citizens, it serves as a warning: always verify government apps on official .gov.in domains.
FBI Warns of Impersonation Scams
Even the FBI has issued alerts about scammers impersonating senior US officials via text and AI-generated voice messages. The messages contain malicious links leading to fake login pages. The advice applies universally: never click on unsolicited links, verify sender identity independently, and avoid sharing sensitive information with unknown parties. These tactics are increasingly used to target government officials and their contacts.
BeatBanker: New Malware on Fake Starlink Apps
Security firm Kaspersky recently uncovered BeatBanker, a malware variant spreading via fake Starlink apps that mimic Google Play Store pages. It steals financial credentials, records screens, and accesses the camera remotely. Though currently found in Brazil, it could spread globally. The lesson: only download from the official Play Store, and verify the developer name.
Summary of High-Risk Vulnerabilities
| Advisory ID / Threat | Affected Components | Impact |
|---|---|---|
| CIVN-2026-0016 | Dolby DD+ decoding | Remote code execution |
| CIVN-2026-0023 | OpenSSL 1.0.2–3.6 | Encryption bypass, info disclosure |
| Multiple CVEs (March 2026 patch) | Framework, System, Kernel, Qualcomm, MediaTek | Elevation of privilege, RCE |
| Digital Lutera | UPI apps, SMS intercept | Account takeover, financial fraud |
| Arsink Malware | Fake WhatsApp/Instagram mods | Remote access, data theft |
| BeatBanker | Fake Starlink apps | Credential theft, screen recording |
How to Protect Yourself: Official Advice
Based on recommendations from CERT-In, Google, and security researchers, here are the steps every Android user should take immediately in response to this Android security alert:
- Install the March 2026 security update – Go to Settings → Security → System updates. This patch addresses the Dolby flaw, OpenSSL bugs, and dozens of kernel CVEs.
- Download apps only from Google Play Store – Avoid sideloading APKs from Telegram, third-party sites, or unofficial sources.
- Never install “mod” or “premium” versions of WhatsApp, Instagram, YouTube, etc. They often contain malware.
- Check app permissions carefully – Revoke access to SMS, contacts, and microphone for apps that don’t need them.
- Keep Google Play Protect enabled – It automatically scans apps for harmful behaviour.
- Disable “Install from Unknown Sources” for all apps.
- Do not click on suspicious links in emails, SMS, or social media messages – even if they appear to be from known contacts.
- Verify government websites – Always check for official .gov.in domains before downloading any app claiming to offer government services.
- Use strong, unique passwords and enable two-factor authentication where available.
- Install a reputable mobile security app from the Play Store for real-time protection.
Critical reminder: The Digital Lutera malware specifically targets UPI users. If you receive an unexpected APK file via WhatsApp or Telegram claiming to be a traffic challan, wedding invitation, or cashback offer – delete it immediately.
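For readers who look after several phones, the update, sideloading and SMS-permission checks from the list above can be audited over adb. This is an added example, not part of the CERT-In or Google advice: the package names and device output are constructed, and the Play Store installer id and the 2026-03-01 patch-level string are assumed values.

```python
import re
from datetime import date

# Assumed values, not taken from the article: the Play Store installer id and
# the patch-level string corresponding to the March 2026 update.
PLAY_INSTALLERS = {"com.android.vending"}
REQUIRED_PATCH = date(2026, 3, 1)
SMS_PERMS = ("android.permission.RECEIVE_SMS", "android.permission.READ_SMS")

def patch_is_current(getprop_value, required=REQUIRED_PATCH):
    """Input: output of `adb shell getprop ro.build.version.security_patch`."""
    return date.fromisoformat(getprop_value.strip()) >= required

def sideloaded(pm_list_output):
    """Input: `adb shell pm list packages -3 -i`. Returns non-Play installs."""
    found = []
    for line in pm_list_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m and m.group(2) not in PLAY_INSTALLERS:
            found.append(m.group(1))
    return found

def granted_sms_perms(dumpsys_output):
    """Input: `adb shell dumpsys package <pkg>`. Returns granted SMS permissions."""
    return [p for p in SMS_PERMS
            if re.search(re.escape(p) + r": granted=true", dumpsys_output)]

def audit(patch, pm_list, dumpsys_by_pkg):
    """Combine the three checks into one report for a single device."""
    flagged = {pkg: granted_sms_perms(dumpsys_by_pkg.get(pkg, ""))
               for pkg in sideloaded(pm_list)}
    return {"patch_current": patch_is_current(patch), "flagged": flagged}

# Constructed sample output (hypothetical package names, not real apps).
SAMPLE_PATCH = "2026-02-05\n"
SAMPLE_PM = (
    "package:com.example.chat  installer=com.android.vending\n"
    "package:com.example.challan  installer=null\n"
    "package:org.example.notes  installer=com.google.android.packageinstaller\n"
)
SAMPLE_DUMPSYS = {
    "com.example.challan":
        "      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]\n"
        "      android.permission.CAMERA: granted=false\n",
    "org.example.notes": "      android.permission.READ_SMS: granted=false\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE_PATCH, SAMPLE_PM, SAMPLE_DUMPSYS))
```

A sideloaded package that also holds a granted SMS permission is the combination to review first, since SMS interception is what the Digital Lutera toolkit relies on.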
Final Word
Government warnings like these are not routine. The CERT-In “critical” rating means the vulnerabilities are severe and exploitation is possible in the wild. I have already updated my own device, and I recommend you do the same today. Share this Android security alert with family and friends – many people ignore system updates, and they are the primary defence against these threats.
For ongoing updates, bookmark our Techspacee Cybersecurity Alerts page. You can also follow CERT-In on their official website for original advisories. Stay safe out there.
Sources: CERT-In, CIS, CloudSEK, Kaspersky, FBI, Google · Updated 14 March 2026