A new Android malware campaign, identified as GhostBat RAT, targets Indian users by masquerading as fake Regional Transport Office (RTO) applications to steal banking data and personal information. Utilizing deceptive methods such as phishing pages that imitate the legitimate mParivahan app, the malware employs sophisticated multistage dropper techniques, including ZIP header manipulation and extensive string obfuscation, to evade detection. Victims are tricked into providing sensitive information, including their UPI PINs, through counterfeit interfaces. This alarming trend underscores the necessity for heightened cybersecurity awareness and robust mobile threat intelligence to protect users from evolving malware threats in India, as the campaign exemplifies a dangerous blend of social engineering and advanced technical tactics.