Police warn new Android malware scam can factory reset phones; over S$10 million lost in first half of 2023
Scammers would access and perform unauthorised transactions from the victim’s banking account, before initiating a factory reset on the affected device.
SINGAPORE: The police on Wednesday (Sep 20) issued an advisory about a new variant of Android malware scams, where scammers would initiate a factory reset on infected devices after the malware executes unauthorised transactions on the phone’s i-banking app.
There have been more than 750 cases of victims downloading the malware into their phones in the first half of 2023, with losses of at least S$10 million (US$7.3 million).
Victims would come across advertisements for various services, such as home cleaning and pet grooming, and food purchases on social media platforms like Facebook and Instagram.
The victims would then contact the “sellers” via the platforms or messaging app WhatsApp. Following this, the “sellers” would send a uniform resource locator (URL) link for the victims to download an Android Package Kit (APK) file, an app created for Android’s operating system.
Victims would then download and install the app, which includes granting it accessibility services.
They would be instructed to make a PayNow transfer of S$5 as a deposit.
“Unknown to the victims, their internet banking credentials would be stolen by the malware’s keylogging function upon the transfer,” the police said.
“After the scammers accessed and performed unauthorised transactions from the victim’s banking account, they would initiate a factory reset on the victims’ devices.”
The victims would then discover the unauthorised transactions after calling their banks or when they reinstalled the banking apps on their devices.
The police reminded members of the public that it is dangerous to download mobile apps from third-party or dubious sites.
They also advised the public to adopt precautionary measures, such as using the ScamShield app, setting security features such as two-factor authentication and setting transaction limits on internet banking transactions.
Users should only download and install applications from official app stores, such as Google Play store for Android, and should be wary if asked to download unknown apps in order to purchase items or services on social media.
Those who suspect that they have already downloaded and installed a malicious app, or suspect their phone have already been infected with malware are advised to take the following measures:
- Turn the phone to flight mode.
- Run an anti-virus scan on the phone.
- Check their bank account, Singpass account and Central Provident Fund account for any unauthorised transactions and report such transactions to their bank, relevant authorities and the police.
After completing these steps, members of the public can use their phones normally if they believe their phones have not been infected with malware.
“As a further precaution, you may consider doing a 'factory reset' of your phone and changing important passwords,” the police said.