Android phone users duped into downloading malware lose at least $625,000 since December
At least 82 malware scams have been reported since December with Android phone users losing a total of at least $625,000, said the police in a news release on Jan 10
The scam victims would come across advertisements of travel and cleaning services on Facebook or TikTok and would leave their contact details to indicate their interest.
Scammers would then contact the victims through WhatsApp and request a $5 payment as a membership fee or upfront deposit to be made through a phishing link.
After keying in their credit or debit card details, the victims would encounter payment issues.
They would be duped into downloading a malicious application in an Android Package Kit (APK) file format through WhatsApp to resolve the payment issues.
The malware would allow the scammers to remotely access victims' devices to steal sensitive information such as SMS one-time passwords (OTPs).
With the phished card details and access to OTPs, the scammers would then perform subsequent unauthorised card transactions either from victims' mobile device or their own.
In some cases, victims would also be guided to configure settings in their devices to disable Google Play Protect that helps to prevent harmful downloads.
Once Google Play Protect is disabled, they would not receive alerts when they unknowingly download and install malware into their phones.
If you have any information relating to such crimes or if you are in doubt, please call the police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/i-witness.
