Singaporean authorities have reported a surge in malware scams targeting Android device users, with victims losing substantial sums to schemes that begin with innocent-looking advertisements on social media platforms.
At least 128 cases have been reported since February, with victims losing at least $2.4 million, reported The Straits Times.
The Singapore Police Force (SPF) has identified a concerning pattern where scammers exploit social media platforms to initiate contact with potential victims.
Advertisements
How the Scam Works
The scam typically begins when victims encounter advertisements for travel and cleaning services on Facebook or TikTok. After expressing interest and providing their contact details, victims are contacted by scammers through WhatsApp.
The fraudsters request a $5 payment as a membership fee or upfront deposit, directing victims to make the payment through a phishing link.
When victims enter their credit or debit card details, they encounter payment issues.
To “resolve” these payment problems, scammers convince victims to download a malicious application in Android Package Kit (APK) file format through WhatsApp. This malware grants scammers remote access to victims’ devices, allowing them to steal sensitive information such as SMS one-time passwords (OTPs).
In some cases, victims are instructed to disable Google Play Protect, which would normally alert users to harmful downloads.
Rising Financial Losses
The financial impact of these scams has been significant. In September 2024 alone, about $1.2 million was lost to Android malware scams involving advertisements for travel packages on social media platforms, with at least 43 victims falling prey.
Looking at the broader picture, 2023 saw approximately 1,899 cases of Android malware scams reported in Singapore, with total losses of at least $34.1 million.
The average amount lost per victim was about $17,960.
Advertisements
“Three products from Meta — Facebook, WhatsApp and Instagram — are of particular concern and continue to be over-represented amongst the platforms exploited by scammers to contact potential victims and conduct their scams,” the police said in a news release in February 2023.
Who Is Being Targeted?
The majority of malware-enabled scam victims in 2023 were aged 30 to 49, making up 43.7 per cent of victims.
Scammers most frequently use Facebook and Instagram to contact victims.
The Android operating system appears to be specifically targeted due to its open nature, which allows users to download apps from sources other than the official Google Play Store.
Protective Measures
The SPF has issued guidelines for the public to protect themselves from such scams. These include:
Advertisements
-
Installing the ScamShield application to block scam calls and SMSes
-
Adding anti-virus applications and ensuring they are updated regularly
-
Ensuring devices’ operating systems and applications are updated with the latest security patches
-
Keeping Google Play Protect enabled
-
Disabling “Install Unknown App” or “Unknown Sources” in phone settings
The police also advise the public to only download and install applications from official app stores such as the Google Play Store for Android devices.
What to Do If Your Device Is Compromised
For those who suspect their phones have been infected with malware, the SPF recommends:
-
Turning the phone to flight mode and ensuring Wi-Fi is switched off
-
Running an antivirus scan on the phone
-
Checking bank accounts, Singpass accounts, and Central Provident Fund accounts for unauthorised transactions
-
Reporting any unauthorised transactions to the bank, relevant authorities, and the police
As a further precaution, victims may consider performing a factory reset of their phones and changing important passwords.
Government and Banking Response
The Monetary Authority of Singapore and banks have progressively introduced additional security measures to combat malware-related scams.
In August 2023, OCBC became the first bank in Singapore to block some customers from using its internet banking and mobile banking app if it detected potentially risky apps downloaded from unofficial portals.
Advertisements
These combined efforts led to a decline in cases towards the end of 2023, according to police reports.
The police have summed up their advice in the acronym “ACT” – Add security features, Check for scam signs, and Tell authorities about scams.
These five GRCs could see the tightest battle in GE2025; here’s why:
Read Also:
- Trump Exempts Electronics from 125% China Tariffs, Sparing Smartphones and Computers
- Elderly Charity Shop Owner Baffled by Over 50 Boxes of Mystery Donation Blocking Store Entrance
- DNA from Two Men Discovered on Murdered Singaporean Woman’s Clothing as Court Orders Comparison with Main Suspect
- Former Police Officer Convicted in Fatal Maid Abuse Case That Left Victim Weighing Just 24kg
- Teen Arrested in Johor for Selling AI-Generated Fake Nudes of School Peers for RM2 Each
