The Singaporean police have issued a warning about a new variant of Android malware scams that have resulted in over S$10 million in losses during the first half of 2023. In this scam, scammers entice victims with advertisements for various services on social media platforms like Facebook and Instagram.
Furthermore, victims are then directed to download an Android Package Kit (APK) file, which installs a malicious app on their devices, granting it accessibility permissions. Unbeknownst to victims, the malware steals their internet banking credentials through a keylogging function when they make a PayNow transfer.
After the scammers gain unauthorized access to victims’ banking accounts and perform transactions, they initiate a factory reset on the victims’ devices. This action effectively erases any traces of the malicious app and the unauthorized transactions, making it difficult for victims to detect the scam.
Additionally, the police have urged the public to exercise caution when downloading mobile apps, emphasizing the dangers of third-party or dubious sites. They also recommend adopting precautionary measures like using the ScamShield app, enabling two-factor authentication, and setting transaction limits on internet banking transactions.
In case individuals suspect that they have downloaded a malicious app or that their phone is infected with malware, the police advise them to take immediate action, including switching their phones to flight mode, running an anti-virus scan, and checking their bank accounts for unauthorized transactions. These incidents highlight the importance of cybersecurity vigilance and safe app downloading practices, as scammers continue to exploit vulnerabilities in the digital landscape.
