Law Enforcers in Singapore Hand Over Malaysians Connected to Android Malware Deception

Jun 18, 2024 | Newsroom | Mobile Security / Financial Fraud

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

The Singapore Police Force (SPF) has announced the extradition of two individuals from Malaysia for their suspected involvement in a mobile malware operation that has targeted residents of the country since June 2023.

The unnamed pair, aged 26 and 47, took part in schemes that used deceptive campaigns to trick unsuspecting users into installing malicious applications on their Android devices, with the aim of stealing their personal information and banking details.

The stolen data was then used to carry out fraudulent transactions on the victims’ bank accounts, resulting in financial losses.

After a seven-month investigation that began in November 2023 in collaboration with the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), the SPF said it found evidence linking the duo to a group responsible for malware-assisted scams.

“The pair […] purportedly presided over servers to contaminate victims’ Android mobile devices with a malevolent Android Package Kit (APK) application and subsequently took command of the devices,” the law enforcement organization stated.

“The malevolent APK application allowed the scammers to alter the contents of the victims’ mobile devices, aiding in the subsequent compromise of their bank accounts.”

Singapore-based Group-IB said the applications “were frequently camouflaged as offering exclusive prices for products and food items,” and that the trojans contained functionality to collect a broad range of data.

“Once installed and essential consents granted, the Remote Access Tool (RAT) empowers bad actors to remotely manage the Android device, enabling them to retrieve sensitive personal data and passwords using its keylogger and screen capture attributes,” the company said.

“The RAT enabled bad actors to monitor SMS messages containing one-time passwords (OTP) issued by financial institutions for second-factor authentication. Additionally, the RAT allowed real-time geolocation tracking of the device and its user. Working quietly in the background, it persists even after the Android device is restarted.”

One of the suspects faces a potential prison sentence of up to seven years, a fine of $50,000, or both, whereas the other individual could face a penalty of up to $500,000, a prison sentence of up to 10 years, or both.

Additionally, as part of the multinational operation, the Taiwan Police have arrested four other persons who are alleged to have utilized a similar technique to conduct unauthorized transfers from victims’ banking accounts.

“Assets, including cryptocurrency and real estate totaling approximately $1.33 million, were confiscated from the detained individuals,” the SPF stated.

A total of 16 cyber offenders have been arrested in connection with the law enforcement operation, codenamed Operation DISTANTHILL. More than 4,000 individuals are believed to have fallen victim to the scams.

The development comes as the U.S. Justice Department (DoJ) indicted two individuals, Thomas Pavey and Raheim Hamilton, for running a clandestine web marketplace named Empire Market, which enabled thousands of vendors and buyers to anonymously trade more than $430 million in illicit goods and services between February 2018 and August 2020.

“Vendors on Empire Market offered to sell various illicit goods and services, including controlled substances such as heroin, methamphetamine, cocaine, and LSD, as well as counterfeit currency and stolen credit card information,” the DoJ said, citing an updated indictment disclosed recently.

“Once transactions were concluded using cryptocurrency, purchasers could assess and rate their acquisitions on several criteria, encompassing ‘stealth.’”

The marketplace emerged following the shutdown of AlphaBay, and no fewer than 4 million transactions were carried out during its two years of operation. Investigators also seized cash, precious metals, and over $75 million worth of cryptocurrency from the duo, according to prosecutors.
