In a sophisticated cyber threat amid India’s push for digital governance, cybercriminals have unleashed an Android malware campaign targeting users with fake offers under the PM Surya Ghar: Muft Bijli Yojana, a February 2024 government scheme providing solar subsidies up to 60% for rooftop installations. Discovered by McAfee on August 19, 2025, the attack leverages YouTube videos with shortened URLs directing victims to GitHub-hosted phishing sites mimicking the official pmsuryaghar.gov.in portal, tricking users into downloading malicious APKs that steal banking details, SMS messages, and enable remote device control via Firebase. This operation, with repository updates since October 2024, has prompted swift responses from Google and GitHub, blocking associated accounts. From India’s strategic security lens, such scams undermine financial inclusion efforts, heighten risks of data breaches amid rising digital adoption, and underscore the need for robust CERT-In-led defenses against foreign-orchestrated threats exploiting national welfare programs, potentially destabilizing economic stability.