At least S$1.2 million lost to Android malware scams involving travel package ads
At least 43 victims have fallen prey to such scams in September.
Screenshots of fraudulent advertisements on Facebook for durian and concert tours. (Photo: Singapore Police Force)
SINGAPORE: About S$1.2 million (US$875,000) was lost to Android malware scams involving advertisements for travel packages on social media platforms in September, with at least 43 victims falling prey to such scams.
In this scam variant, victims would come across advertisements on Facebook or Instagram promoting cruises, tour packages, concert tours and durian tours, the Singapore Police Force (SPF) said in a news release on Thursday (Oct 5).
Victims would respond to the ads, and the "sellers" would engage them on WhatsApp before directing them to download an Android package kit (APK) file to pay their booking fees.
The APK file would be downloaded over the messaging app or via a malicious link provided by the scammers.
APK files are used to install apps created for the Android operating system.
Victims would download and install the APK file which would enable the scammers to access their devices remotely to steal their banking credentials and passwords.Â
Victims could also be instructed to input their internet banking login details into a fake banking window in the app or be asked to make PayNow or bank transfers for the booking fees.Â
The victims would later discover unauthorised transactions from their banking accounts.Â
PRECAUTIONARY MEASURES
SPF said that members of the public can protect themselves from such scams by installing the ScamShield app and antivirus apps, and keeping these apps updated so that they can detect the latest malware.Â
They should also ensure that their devices' operating systems and applications are updated regularly with the latest security patches.Â
The police also advised members of the public to disable "install unknown app" or app installation from "unknown sources" in their phone settings, and not to grant permission to persistent pop-ups that ask for access to their devices' hardware or data.Â
They were also reminded to only download and install applications from official app stores such as the Google Play Store for Android devices.
"Be wary if asked to download unknown apps in order to purchase items or services on social media platforms," SPF said.
"Check the developer information on the app listing as well as the number of downloads and user reviews to ensure it is reputable and legitimate."
WHAT TO DO WHEN YOUR PHONE IS COMPROMISED
Those who suspect that they have already downloaded and installed a malicious app, or suspect their phone has already been infected with malware, can take the following steps:
- Turn the phone to flight mode and ensure that Wi-Fi is switched off
- Run an antivirus scan on the phone
- Check their bank account, Singpass account and Central Provident Fund account for any unauthorised transactions and report such transactions to their bank, relevant authorities and the police
After completing these steps, people can use their phones normally if they believe the phones have not been infected with malware.
"As a further precaution, you may consider doing a factory reset of your phone and changing important passwords," the police added.
