Sri Lanka Police have warned the public of a fraud scheme using a malicious mobile application disguised as a SriLankan Airlines service, the Police Media Division said on April 23.
Fraudsters are contacting victims via WhatsApp and directing them to download an app named “SriLankan.apk” from three impersonating domains: srilankan.wuozgo.cc, srilankan.vaco.cc and srilankan.krgo.cc. The app, police said, operates as a banking trojan that grants criminals remote access to the victim’s phone.
Once installed, the malware captures one-time passwords (OTPs), bank account details and biometric authentication data including fingerprints and facial recognition, police said. Criminals then use the harvested credentials to transfer funds out of victim accounts.
Police initially linked five local phone numbers to the operation. The Police Media Division issued a revised statement on May 8 after SriLankan Airlines clarified that one of the numbers — 011-7771979 — is its own official, lawful contact line and should not have been listed. The corrected list is 077-4558361, 074-1142208, 077-5791209 and 074-3268200. Police urged the public not to install applications shared through WhatsApp or other messaging services; many victims, investigators said, were lured by promises of immediate financial benefits such as discounted tickets or refunds.
The warning sharpens an earlier SriLankan Airlines alert about scam calls and WhatsApp impersonation issued this month, and follows a broader CID advisory on police-impersonation cyber scams. Kaspersky reported this year that Sri Lanka logged nearly 15 million local malware incidents in 2025, a scale it called consistent with a rapidly digitising banking base still adopting mobile authentication.
The Police Media Division said anyone contacted by the racket should report the incident to local police and to their bank’s fraud hotline immediately.
