26-8-2023 (SINGAPORE) In a recent development, the Singapore police have apprehended thirteen individuals, including two teenagers, suspected of being involved in malware scams that specifically targeted Android users in banking-related fraud. The authorities made the arrests as part of an anti-scam enforcement operation conducted between August 14 and August 25, as announced in a police news release on Saturday (August 26).
Among those arrested were seven men and four women, aged between 17 and 25, along with two 15-year-old individuals. Additionally, two women aged 29 and 39, as well as another 15-year-old teenager, are currently assisting with ongoing investigations.
Preliminary findings from police investigations suggest that the thirteen suspects allegedly facilitated the scam by allowing their bank accounts to be used in fraudulent activities. Some of them also disclosed their internet banking credentials or Singpass credentials for monetary gains.
The police have observed a rise in cases involving malware that compromises Android mobile devices since January. These cases result in unauthorized transactions being made from victims’ bank accounts, even though they did not disclose their internet banking credentials, one-time passwords, or Singpass credentials to anyone.
In such instances, victims responded to advertisements on social media platforms and were subsequently instructed by scammers to download a malicious Android Package Kit from unofficial app stores. This facilitated the installation of malware on the victims’ mobile devices. The scammers would then persuade the victims, through phone calls or text messages, to enable accessibility services on their Android phones. This granted the scammers full control over the devices.
By gaining control, the scammers were able to log every keystroke and steal banking credentials stored on the phones. They could remotely access the victims’ banking apps, add money mules as payees, raise payment limits, and transfer funds to the designated money mules. To cover their tracks, the scammers also had the ability to delete SMS and email notifications related to the bank transfers.
The police have advised the public to exercise caution and refrain from clicking on suspicious links, scanning unknown QR codes, or downloading mobile apps from third-party websites. Such unverified apps may contain malware that significantly compromises the security of mobile devices. Individuals are urged to be wary of requests for Singpass and banking credentials, as well as money transfers and offers that seem too good to be true.
Furthermore, the police emphasized the importance of downloading apps exclusively from official app stores and recommended enabling security settings to safeguard personal devices.
Earlier in August, the police arrested ten individuals, including a 16-year-old, for their alleged involvement in similar banking-related malware scams targeting Android users. Similarly, in June of this year, nine individuals were apprehended for perpetrating the same scam, resulting in victims losing over S$221,000 (US$164,000), including more than S$114,000 in CPF savings.
Investigations into the most recent round of arrests are ongoing. Offenders convicted of acquiring benefits from criminal conduct may face imprisonment for up to 10 years, a fine of up to S$500,000, or both. Those found guilty of deceiving banks into opening unauthorized accounts and disclosing bank account login details may be subject to a three-year jail term, a fine, or both under the Penal Code. Additionally, charges under the Computer Misuse Act may also be filed against the offenders. For revealing Singpass credentials, offenders may face a maximum sentence of three years’ imprisonment, a fine of up to S$10,000, or both.
