
Singapore police extradite Malaysian in connection with Android malware scam

June 18, 2024 | Press release | Mobile Security / Financial Fraud

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign that has targeted the country’s citizens since June 2023.

The unnamed individuals, aged 26 and 47, were involved in scams that tricked unsuspecting users into downloading malicious apps on their Android devices via phishing campaigns with the aim of stealing their personal information and banking details.

The stolen information was then used to conduct fraudulent transactions through victims’ bank accounts, resulting in financial loss.

Following a seven-month investigation launched in November 2023 in collaboration with the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), the SPF said it found evidence linking the two men to a syndicate responsible for conducting scams using malware.

“The two men (…) allegedly operated servers to infect victims’ Android mobile phones with a malicious Android Package Kit (APK) app and then take control of the phones,” the law enforcement agency said.

“The malicious APK app allowed the scammers to modify the contents of victims’ mobile phones, which made it easier to subsequently access victims’ bank accounts.”

Singapore-based Group-IB said the apps were “often disguised as special offers on goods and food” and the Trojans had capabilities to collect a wide range of information.

“Once installed and granted the required permissions, the RAT allows threat actors to remotely control the Android device and enables them to intercept sensitive personal information and passwords using the keylogger and screen recording features,” the company explained.

“The RAT allowed threat actors to monitor SMS messages containing one-time passwords (OTPs) sent by financial institutions as a second authentication factor. In addition, the RAT enabled real-time geolocation of the device and its user. It runs discreetly in the background and persists even after the Android device is rebooted.”

One of the suspects faces a prison sentence of up to seven years, a fine of $50,000, or both, while the other party faces a fine of up to $500,000, a prison sentence of up to ten years, or both.

Separately, Taiwanese police have arrested four other people in connection with the multi-jurisdictional operation on suspicion of using a similar means to make unauthorized transfers from victims’ bank accounts.

“Assets totaling approximately $1.33 million were seized from those arrested, including cryptocurrency and real estate,” the SPF said.

A total of 16 cybercriminals were arrested as part of the law enforcement operation, codenamed Operation DISTANTHILL. It is estimated that more than 4,000 victims were defrauded as part of the scams.

The development comes after the U.S. Department of Justice filed charges against two men – Thomas Pavey and Raheim Hamilton – for operating a darknet marketplace called Empire Market, where thousands of sellers and buyers were able to anonymously trade over $430 million worth of illegal goods and services between February 2018 and August 2020.

“Vendors at Empire Market offered for sale a variety of illegal goods and services, including controlled substances such as heroin, methamphetamine, cocaine and LSD, as well as counterfeit currency and stolen credit card information,” the Justice Department said, citing an indictment announced last week.

“After transactions were completed using cryptocurrency, buyers could review and rate their purchases based on several criteria, including ‘stealth.’”

The marketplace was created after AlphaBay was shut down, and in the two years it was in operation, no fewer than 4 million transactions were made. Investigators also seized over $75 million worth of cash, precious metals and cryptocurrencies, prosecutors said.
