CNA – Police arrested 10 suspects, including a 16-year-old, for their suspected involvement in a spate of banking-related malware scams that plagued Android users.
The malware resulted in unauthorised transactions from victims’ bank accounts.
The suspects were rounded up during an island-wide operation between July 31 and August 11 targeting scammers, with the officers responsible for the arrests from the Commercial Affairs Department and Police Intelligence Department.
Six others, aged between 17 and 60, are assisting in investigations. The police said in a statement yesterday that they have seen an increase in the number of reports on Android phones being compromised by malware, leading to unauthorised banking transactions.
This occurred despite victims not disclosing their Internet banking credentials, one-time passwords or Singpass credentials to anyone.
The police said the victims fell prey to these scams after responding to advertisements on social media platforms, whereupon scammers would instruct them to download Android Package Kit files from third-party app stores to make purchases.
Instead of a legitimate app, however, malware would be installed on their phones, with scammers urging the victims to enable accessibility services on their devices.
In doing so, their phones became vulnerable and this allowed scammers to take full control of the devices, including enabling them to record every keystroke and steal banking credentials stored on the phone.
The scammers could then remotely log in to victims’ banking apps, add money mules as payees, raise payment limits and transfer money. They could also erase their tracks by deleting SMS and email notifications that the banks issued.
The police said the 10 suspects allegedly facilitated scam cases by giving up their bank accounts, Internet banking credentials and, in some cases, Singpass credentials for monetary gain.
Urging the public to exercise caution when downloading apps, the police said suspicious links, QR codes, third-party websites and unknown sources should be avoided.
Besides downloading apps from official app stores, they recommend checking the number of downloads and user reviews before clicking on the instal button.
“Always be wary of any requests for banking credentials, money transfers or attractive offers that sound too good to be true.
“Members of the public are advised to turn on security settings, such as disallowing installation of apps from unknown sources, to help protect their devices,” said the police.