Android phone users lose $10 million to malware scam which executes unauthorised banking transactions

Farah Daleymail

Posted on 21 September 2023 | 8,085 views | 11 comments

More than 50 victims have lost more than $10 million in the first half of 2023 after downloading malware onto their phones.

The police said in a statement that they have observed a new variant of malware scams where factory reset would be initiated by scammers on the victims' infected devices after malware executes unauthorised transactions on the phone's banking app.

Victims would come across advertisements for various devices, including food purchase, home cleaning, and pet grooming, on social media platforms like Facebook and Instagram.

The victims would contact the 'sellers' via the social messaging platforms or WhatsApp and would then be sent a URL to download an Android Package Kit (APK) file, an application created for Android's operating system.

After downloading and installing the APK file, which includes granting the app accessibility services, the victims would then be instructed to make a PayNow transfer of $5 as a deposit for these services.

Unknown to the victims, their internet banking credentials would be stolen by the malware's keylogging function upon the transfer.

After accessing and performing unauthorised transactions from the victims' banking accounts, the scammers would initiate a factory reset on the victims' devices.

The victims would discover the unauthorised transactions after calling their banks or when they re-install the banking apps on their devices.

The police remind members of the public of the danger of downloading apps from third-party or dubious sites.

Those who suspect that their phones are infected with malware should take the following steps:

  • Turn the phone to flight mode. Check that its Wi-Fi is switched off and do not switch it on. 

  • Run an antivirus scan on the phone. 

  • Use another device to check bank, Singpass and CPF accounts for any unauthorised transactions. 

  • Report any unauthorised transaction to the bank and police. 

  • As a further precaution, users can do a factory reset of their phones and change important passwords.

For more information on scams, visit www.scamalert.sg or call the anti-scam helpline on 1800-722-6688.

Anyone with information on such scams may call the police hotline on 1800-255-0000, or submit information online at www.police.gov.sg/iwitness

Get more of Stomp's latest updates by following us on Facebook, WhatsApp, Twitter, Instagram and YouTube.

Related Stories
The accessories purportedly used by the accused in the commission of crime were seized as case exhibits. Photo: Singapore Police Force
Woman cheated out of $273,800 by man she met on social media, Filipino charged
At least 360 people lose more than $43k to scammers listing free items online
At least 6,600 people have lost more than $96.8 million to job scams since January
More About: 
scam
Android
bank
police
advisory