Four 16-year-olds among 17 arrested for malware scams using Android apps to access bank accounts

Seventeen people were arrested for their suspected involvement in the recent spate of banking-related malware scam cases in an island-wide anti-scam enforcement operation conducted between July 17 and 28.

The Commercial Affairs Department, Criminal Investigation Department and Police Intelligence Department arrested nine men and four women, aged between 18 and 35, and four 16-year-old youths.

Another six men and five women, aged between 18 and 58, are assisting in the investigations.

Since January, the police have received an increasing number of reports about malware being used to compromise Android mobile devices, resulting in unauthorised transactions made from the victims’ bank accounts even though they did not divulge their Internet banking credentials, One-Time-Passwords (OTPs) or Singpass credentials to anyone.

The victims would respond to advertisements for cleaning services, pet grooming, food items such as seafood and groceries on social media platforms like Facebook and were later instructed by the scammers to download Android Package Kit from a non-official app store to facilitate the purchase, leading to malware being installed on the victims’ mobile devices.

The scammers would then convince the victims via phone calls or text messages to turn on the accessibility services on their Android phones. Doing so weakens the phones’ security and allows the scammer to take full control of the phones.

This means that the scammers could log every keystroke and steal banking credentials stored in the phones, allowing the scammers to remotely log in to the victims’ banking apps, add money mules as payees, raise payment limits and transfer funds out to money mules.

The scammers can further delete the SMS and email notifications of that bank transfer to cover their tracks.

Police investigations are ongoing.

You are reminded not to click on suspicious links, scan unknown QR codes, or download mobile apps from third-party websites or unknown sources. These unverified apps may contain malware, which can severely compromise the security of mobile devices.

Instead, download apps only from official app stores. Before downloading any app, check the number of downloads and user reviews. Always be wary of any requests for banking credentials or money transfers and attractive offers that sound too good to be true.

You are also advised to turn on security settings, such as disallowing installation of apps from unknown sources, to help protect your device.