Android Malware Fraud

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023.

The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into downloading malicious apps onto their Android devices via phishing campaigns with the aim of stealing their personal data and banking credentials.

The stolen information was subsequently used to initiate fraudulent transactions on the victims' banking accounts, resulting in financial losses.

Following a seven-month-long investigation that was launched in November 2023 in partnership with the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), the SPF said it found evidence linking the two men to a syndicate responsible for carrying out malware-enabled scams.

"The two men [...] allegedly operated servers for the purposes of infecting victims' Android mobile phones with a malicious Android Package Kit (APK) app, and subsequently controlling the phones," the law enforcement agency said.


"The malicious APK app enabled the scammers to modify the contents of the victims' mobile phones, which facilitated the subsequent compromise of the victims' bank accounts."

Singapore-headquartered Group-IB said the apps "were often disguised as offering special prices for goods and food items," and that the remote access trojan (RAT) harbored features to gather a wide range of information.

"Once installed and necessary permissions granted, the RAT allows threat actors remote control over the Android device, enabling them to capture sensitive personal data and passwords using its keylogger and screen capture functions," the company said.

"The RAT allowed threat actors to monitor SMS, containing one-time passwords (OTP) sent by financial organizations as a second factor authentication. Furthermore, the RAT facilitated real-time geolocation tracking of the device and its user. Operating discreetly in the background, it persists even after the Android device is rebooted."
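The capability set Group-IB describes (SMS/OTP access, location tracking, keylogging and screen reading, survival across reboots) shows up in an app's manifest as a recognisable cluster of declared permissions and components. The script below is an added example, not code from the article, the SPF or Group-IB: it parses an Android manifest and flags which of those capabilities the app has requested, so an analyst triaging a suspicious "special offer" APK can see the cluster at a glance. The permission-to-capability mapping is an assumption drawn from general Android platform knowledge, the two manifests are constructed samples (package names and permission lists are invented), and the "three or more capabilities" threshold is a hypothetical heuristic rather than a published rule.

```python
"""Triage an Android manifest for the RAT-style capability cluster.

Added example; the mapping below is an assumption based on general Android
platform knowledge, and both manifests are constructed samples.
"""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Capability described in the article -> permissions an app would typically
# declare to implement it (assumed mapping, not taken from any real sample).
PERMISSION_INDICATORS = {
    "sms_otp_interception": {"android.permission.RECEIVE_SMS",
                             "android.permission.READ_SMS"},
    "geolocation_tracking": {"android.permission.ACCESS_FINE_LOCATION",
                             "android.permission.ACCESS_COARSE_LOCATION"},
    "reboot_persistence": {"android.permission.RECEIVE_BOOT_COMPLETED"},
    "screen_overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
}
# Keylogging and screen reading are commonly implemented as an accessibility
# service, which must be declared with this bind permission on its <service>.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: what a "food deals" lure app with the described
# capabilities might declare. Not a real package.
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fooddeals">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Food Deals">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an ordinary shopping app that only needs network access.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.shop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Shop"/>
</manifest>"""


def parse_manifest(xml_text):
    """Return (declared permissions, bind permissions on <service> elements)."""
    root = ET.fromstring(xml_text)
    permissions = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    service_bind_perms = {e.get(ANDROID + "permission") for e in root.iter("service")}
    return permissions, service_bind_perms


def triage(xml_text, threshold=3):
    """Flag which described capabilities the manifest requests.

    Returns a dict with the sorted capability names, a count, and a boolean
    'suspicious' set when the count reaches the (hypothetical) threshold.
    """
    permissions, service_bind_perms = parse_manifest(xml_text)
    found = {cap for cap, needed in PERMISSION_INDICATORS.items()
             if permissions & needed}
    if ACCESSIBILITY_BIND in service_bind_perms:
        found.add("accessibility_keylogging")
    return {"capabilities": sorted(found),
            "score": len(found),
            "suspicious": len(found) >= threshold}


if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(manifest))
```

A single permission such as location or boot-completed is normal for a delivery or messaging app; the signal is the combination, which is why the verdict counts distinct capabilities rather than individual permissions. On a real device the manifest can be pulled for review with `adb shell pm dump <package>` or extracted from the APK with `aapt dump xmltree <apk> AndroidManifest.xml` before feeding it to the function.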

One of the suspects faces a prison term of up to seven years, a fine of $50,000, or both, while the other is liable to a penalty of up to $500,000, an imprisonment term of up to 10 years, or both.

Separately, in connection with the multi-jurisdiction operation, the Taiwan Police have arrested four other people who are suspected of having used a similar scheme to make unauthorized transfers from victims' bank accounts.

"Assets, including cryptocurrency and real estate amounting to a total value of approximately $1.33 million, were seized from the arrested individuals," the SPF said.

A total of 16 cyber criminals have been apprehended in connection with the law enforcement effort, which has been codenamed Operation DISTANTHILL. More than 4,000 victims are estimated to have been defrauded as part of the scams.

The development comes as the U.S. Justice Department (DoJ) charged two men, Thomas Pavey and Raheim Hamilton, for operating a dark web marketplace called Empire Market that made it possible for thousands of vendors and buyers to anonymously trade more than $430 million in illegal goods and services between February 2018 and August 2020.


"Vendors on Empire Market offered to sell various illicit goods and services, including controlled substances such as heroin, methamphetamine, cocaine, and LSD, as well as counterfeit currency and stolen credit card information," the DoJ said, citing a superseding indictment announced last week.

"After transactions were completed using cryptocurrency, buyers could review and rate their purchases on multiple criteria, including 'stealth.'"

Launched in the aftermath of the shutdown of AlphaBay, the marketplace handled no fewer than 4 million transactions during the roughly two years it was operational. Investigators also seized cash, precious metals, and more than $75 million worth of cryptocurrency from the pair, prosecutors said.