Police warn of fake HealthHub app used by scammers to gain control over victims' devices

A new scam variant has emerged in which scammers send fake SMS messages claiming to be from 'Healthier SG', the police said in a statement.

Healthier SG is a national initiative focused on preventive care and empowering individuals to take steps towards better health with the support of family clinics and community partners under the Ministry of Health (MOH).

The police said in this scam variant, members of the public would receive text messages via SMS, asking them to schedule a fully subsidised Health Plan consultation.

The SMS contains a WhatsApp link and members of the public are instructed to click on it for more information.

After clicking on the link, the targeted victims would be directed to a chat where they are prompted to download an Android Package Kit (APK) purportedly from 'HealthHub' to make medical appointments.

The malware in the APK file allows scammers to gain remote access and control over the victim's device.

It also enables them to steal passwords stored on the device.

Most victims will not know about this malicious app on their devices until unauthorised withdrawals are made from their bank accounts, the police said.

The police remind members of the public of the danger of downloading apps from third-party or dubious sites.

Members of the public are advised to instead adopt the following precautionary measures:

• ADD - ScamShield App and set security features (e.g., enable two-factor (2FA) or multifactor authentication for banks and set transaction limits on internet banking transactions, including PayNow). Ensure that your devices are installed with updated anti-virus/anti-malware applications and your devices’ operating systems and applications are updated regularly to be protected by the latest security patches. Disable “Install Unknown App” or “Unknown Sources” in your phone settings and do not grant permission to persistent pop-ups that request for access to your device’s hardware or data.

• CHECK - For scam signs with official sources (e.g. ScamShield WhatsApp bot @ https://go.gov.sg/scamshield-bot, call the Anti-Scam Helpline on 1800-722-6688, or visit www.scamalert.sg). Only download and install applications from official app stores (i.e., Google Play Store for Android). Note that the official Healthier SG SMSes will always show the registered sender ID “MOH” in upper case and will not be sent via mobile phone numbers. Refer to Annex B for an example of the legitimate SMS sent by MOH. If you suspect that you have received a scam message, do not click on the link within and offer your personal information.

• TELL - Authorities, family, and friends about scams. Report the number to WhatsApp to initiate in-app blocking and report any fraudulent transactions to your bank immediately.

For those who have already downloaded and installed the app, including granting the app accessibility services, or suspect that our phone is infected with malware, you should take the following steps:

1. Turn your phone to “flight mode”. Check that Wi-Fi is switched off and do not switch it on.

2. Run an anti-virus scan on your phone.

3. Check your bank account/Singpass/CPF etc for any unauthorised transaction(s) using other device(s).

4. If there are unauthorised transaction(s), report to the bank, relevant authorities, and lodge a Police report.

5. After completing steps a-c, if you believe that your phone has not been infected with malware, you may resume usage of your phone. As a further precaution, you may consider doing a “factory reset” of your phone and changing important passwords.

Anyone with information relating to such crimes or is in doubt should call the police hotline at 1800-255-0000 or submit it online.

All information will be kept confidential. If you require urgent police assistance, call '999'.

For more information on scams, visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688.