Two men, aged 26 and 47, will be charged in court on 15 June 2024 for their suspected involvement in malware-enabled scams against Singaporeans since June 2023.
In 2023, there were at least 1,899 cases of victims in Singapore having downloaded malware onto their phones, and the total amount lost was at least $34.1 million. In these cases, scammers deceived the victims into downloading malicious apps onto their mobile devices. Through these apps, the scammers were able to remotely access their devices and steal sensitive information, including personal data and banking credentials. The stolen information was then used to perform fraudulent transactions on the victims’ banking accounts, leading to financial losses by the victims.
On analysing the reports by the victims, the Singapore Police Force (SPF) found that the individuals involved in these malware-enabled scams might be operating in a few jurisdictions. A joint, multi-jurisdiction investigation team led by the SPF and including the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), was thus formed in November 2023.
Over the course of the next seven months, the joint investigation team unravelled the complex web of criminal activity and online infrastructure hosting the malware. Based on the leads uncovered, the SPF established the identity of two men who were believed to be part of the syndicate responsible for the malware-enabled scams, and traced their location to Malaysia.
With strong cooperation and assistance from the RMP, the two men were arrested in Malaysia on 12 June 2024, pursuant to warrants of arrest issued by the State Court of Singapore. Both men were handed over to the SPF on 14 June 2024.
Preliminary investigations show that the two men had allegedly operated servers for the purposes of infecting victims’ Android mobile phones with a malicious Android Package Kit (APK) app, and subsequently controlling the phones. The malicious APK app enabled the scammers to modify the contents of the victims’ mobile phones, which facilitated the subsequent compromise of the victims’ bank accounts.
In the course of the investigations, the SPF also shared information with the Taiwan Police, which led to the successful takedown of a syndicate operating a fraudulent customer service centre in Kaohsiung City, Taiwan. On 15 May 2024, the Taiwan Police conducted a raid and arrested four individuals. The individuals were alleged to have used malicious apps to make unauthorised transfers from victims’ bank accounts. Assets, including cryptocurrency and real estate amounting to a total value of approximately US$1.33 million, were seized from the arrested individuals.
In addition, the HKPF successfully took down 52 malware-controlling servers in Hong Kong and arrested 14 money mules who had allegedly facilitated the malware-enabled scam cases by relinquishing the use of their bank accounts to the scammers for monetary reward.
The two men will be charged in court on 15 June 2024 with the offence of unauthorised modification of computer material punishable under Section 5(2) read with Section 12(1) of the Computer Misuse Act 1993, which carries a fine of up to $50,000, an imprisonment term of up to seven years, or both. The 47-year-old man will be charged additionally with the offence of acquiring benefits from criminal conduct punishable under Section 54(5) of the Corruption, Drug Trafficking and other Serious Crimes (Confiscation of Benefits) Act 1992, which carries a fine of up to $500,000, an imprisonment term of up to 10 years, or both. Both men will be remanded for further investigations.
3 Deputy Director of the Criminal Investigation Department, Assistant Commissioner of Police (AC) Paul Tay, expressed his appreciation to all the law enforcement officers and other stakeholders involved in the operation. He said, “The arrest of these malware operators and dismantling of scam infrastructure demonstrates the resolve of the SPF in fighting scams. We are grateful for the strong partnership from our Malaysian, Hong Kong and Taiwanese counterparts, which has enabled us to disrupt this criminal operation and prevent further harms to victims. The SPF would also like to thank the Cyber Security Agency of Singapore for their support. The SPF will spare no effort to go after criminals, even those who operate beyond our borders, and we will continue to work with our foreign law enforcement partners to bring these criminals to justice.”
The Police would like to remind members of the public of the danger of downloading apps from third-party or dubious sites. They are advised to adopt the following precautionary measures:
- ADD – ScamShield and security features (e.g., enable two-factor (2FA) or multi-factor authentication for bank accounts, and set transaction limits on internet banking transactions, including PayNow). Also ensure your devices’ operating systems and apps are updated regularly, so that they can be protected by the latest security patches. Disable “Install Unknown App” or “Unknown Sources” in your phone settings and do not grant permission to persistent pop-ups that request for access to your device’s hardware or data.
- CHECK – for scam indicators with official sources (e.g. ScamShield WhatsApp bot @ https://go.gov.sg/scamshield-bot, Anti-Scam Helpline on 1800-722-6688, or visit www.scamalert.sg). Only download and install apps from official app stores (i.e., Google Play Store for Android phones). Be wary if asked to download unknown apps in order to purchase items or services on social media platforms. Check the developer information on the app listing as well as the number of downloads and user reviews to ensure it is reputable and legitimate.
- TELL – authorities, family, and friends about scams. Report possible scam numbers to WhatsApp to initiate in-app blocking and report any fraudulent transactions to your bank immediately.
If you have already downloaded and installed the malicious app (which includes granting the app accessibility services) or suspect that your phone is infected with malware, please take the following steps:
- Turn your phone to “flight mode”. Check that Wi-Fi is switched off; do not switch it on.
- Run an anti-virus scan on your phone.
- Check your bank/Singpass/CPF account etc. for any unauthorised transaction(s), using other device(s).
- If there are unauthorised transaction(s), report to the bank and relevant authorities, and lodge a Police report, immediately.
- After completing steps 1 – 3, if you believe that your phone has not been infected with malware, you may resume usage of it. As a further precaution, you may consider doing a “factory reset” of your phone and changing important passwords.