70YO Retiree Lost S$71K Life Savings After Clicking on Malware-Infected Google Play App

In 2023, even as we all struggle in dead-end jobs to meet the rising cost of living, scammers seem to stay afloat just fine.

Since March, over 100 Android users have found themselves victims of phishing scams, with losses (or gains, if you’re the scammers) totalling over S$445,000.

This 70-year-old man, unfortunately, was scammed of $71,000, a sum that included his painstakingly-earnt pension.

All Gone In Two Hours

After installing a fake Google Play app on his phone, 70-year-old Mr Loo (not his real name) found his phone compromised by malware.

Scammers then transferred $71,000 out of his account in just two hours, causing him to lose his savings and pension in that short window. 

Allegedly, he had picked up a call from a staff member at DBS Bank at around 9 am on 29 January, who told him that multiple transfers to foreign countries had been made on his account in two hours, from around 3 am that morning. 

In total, $71,000 was transferred out of his account, leaving him with only $2,000. This sum included his pension of $30,000, which he had received just earlier that month.

Upon hearing the news, Mr Loo immediately froze his account.

After the incident, he filed a police report and gave his phone to the police to aid in investigations. 

“The police said that since the money was transferred overseas, I can’t get it back,” he said in an interview with Shin Min Daily News. “It was my hard-earned money, and it really hurts that it was taken away like this. My wife and I are sleepless every night because of this.”

Apparently, he had not received an OTP, and claimed he had never followed any links. In his opinion, the bank’s security measures were lacking, and he felt that they should offer him an explanation for it. 

He began contacting the bank in February, hoping they could return this money.

He also hopes that his experience could remind the public to keep their guard up to prevent their personal data from being stolen too. 

How The Scam Works

The police found that Mr Loo’s phone was compromised by malware, and he had a malicious fake Google Play app installed on his phone.

The malware allowed scammers to control the mobile device and make fraudulent transactions on it.

Malware can infect phones by downloading applications from third-party or dubious sites, opening attachments from unsolicited emails and accessing malicious websites.

In a police advisory, the Singapore Police Force (SPF) asked Android mobile users to look out for suspicious Google, Android, or Chrome-related updates in the form of Android Package Kit (APK) files they’re asked to download, even if their names are seemingly legitimate.

These are some examples of what infected files might be named:

  • GooglePlay23Update[.]apk;
  • GooglePlay.apkUpdate[.]apk;
  • Chrome_update1123[.]apk;
  • Chrome-upd13111[.]apk; and
  • Chrome-update10366[.]apk

Despite their names, none of these files are official releases by Google.

Upon installation of malware, users may notice a significant decline in device performance and persistent pop-ups from the fraudulent app, asking for access to unnecessary data or app-unrelated permissions. 

Once the device is infected, attackers might be able to remotely control the device to perform unauthorised transactions, intercept text messages, and access confidential data like personal credentials, credit card details and banking credentials. 

Upwards of 113 Android phone users found their banking credentials stolen like this since March, resulting in losses of more than $445,000.

How To Prevent This

The SPF has some tips to prevent your device from being infected with malware.

Make sure not to install any dubious apps—install applications only from official application stores. 

Here’s how a fake Google Play app looks in comparison to the real one:

You can also disable “install unknown app” or “unknown sources” in your phone’s settings, and install antivirus or anti-malware apps to prevent your device from being compromised. 

Exercise caution and discretion when clicking on advertisements embedded in websites or other applications that lead to a third-party website that prompts you to download a file, and don’t grant permission to persistent pop-ups.

If you suspect there’s malware on your phone, turn your device to “flight mode” and perform an anti-malware scan to check, and uninstall any suspicious applications you find. 

But if it’s too late and you’ve found yourself a victim of a scam, you can file a police report online or in person, or call the police hotline at 1800-255-0000.