Teenagers among 10 suspects arrested over links to Android banking-related malware scams
SINGAPORE: Teenagers were among 10 people arrested for their suspected involvement in a recent spate of banking-related malware scams targeting Android users.
The youngest suspect nabbed during a two-week police operation is 16 years old.
Others who were arrested are aged between 18 and 43, said the police in a media release on Saturday (Aug 12).
Another six people are assisting in investigations.
Preliminary investigations showed that the 10 suspects had allegedly facilitated the scams by relinquishing their bank accounts, internet banking credentials or disclosing Singpass credentials for monetary gains.
Police said cases of malware being used to compromise Android mobile devices have been on the rise this year.
This results in unauthorised transactions made from the victims' bank accounts even though they did not reveal their internet banking credentials, one-time passwords or Singpass credentials to anyone.
In such cases, the victims responded to advertisements on social media platforms for things like food items, cleaning and pet grooming services. They were then instructed by scammers to download a malicious Android Package Kit (APK) from non-official app stores to facilitate the purchases.
The scammers then convince the victims to turn on accessibility services on their Android phones, which allows authorised parties to take full control of the phones.
"This means that the scammers can log every keystroke and steal banking credentials stored in the phones and allows the scammer to remotely log in to the victims’ banking apps, add money mules as payees, raise payment limits and transfer monies out to money mules," the police said.
Scammers can further delete SMS and email notifications of that bank transfer to cover their tracks.
In June, nine people - including a 16-year-old - were arrested for their suspected involvement in similar scams.
Police said at the time that victims lost more than S$221,000 (US$164,000), including more than S$114,000 in CPF savings, since late May.
Police investigations into the latest round of arrests are ongoing.
Those convicted of acquiring benefits from criminal conduct may be jailed for up to 10 years, fined up to S$500,000, or both.
For deceiving banks into opening bank accounts that were not meant for their own use and relinquishing bank account log-in details, offenders face a three-year jail term, a fine, or both under the Penal Code. They may also face charges under the Computer Misuse Act.