RTO Challan Fraud: A Technical Report on APK-Based Financial and Identity Theft
Essential information
- Published: 12/12/2025 10:09
- Modified: 21/12/2025 19:01
- Tags: 2025-12-12, android, apk, e-challan, financial fraud, identity theft, otp interception, rto challan / e-challan, social engineering, vpn abuse, whatsapp
- Related entities: 2 observables, 3 techniques (MITRE), 1 malware, 5 others
Description
A sophisticated mobile fraud operation has been uncovered, distributing a malicious 'RTO Challan / e-Challan' Android application via WhatsApp. The APK uses advanced obfuscation and hidden installation techniques to establish persistent control over victims' devices. It creates a custom VPN tunnel to mask network activity and harvests extensive personal, device, and financial information. The malware intercepts OTPs, manipulates call behavior, and presents a fraudulent payment interface to steal banking credentials. Analysis of the C2 infrastructure revealed obfuscated Base64-encoded URLs pointing to malicious domains. The campaign combines mobile malware, financial fraud, and social engineering, posing a high-risk threat capable of severe monetary losses and large-scale exposure of sensitive personal data.