Singapore Police Detain 16-Year-Old Teenager Charged with Bank Fraud
A group of attackers used malicious Android apps to steal credentials and steal money.
Singapore recently carried out a successful police operation that resulted in the arrest of 13 people suspected of being involved in bank fraud. Among the detainees was also a 16-year-old teenager and several young girls.
The detained accomplices of the fraudulent operation reportedly provided the hardened attackers with their bank accounts, online banking credentials and credentials Singpass for a monetary reward. These accounts and accounts were used to redirect stolen money and launder it in a way. Part of the group was also involved in the cashing of the funds received. The exact number of victims of scammers is still unknown.
IN press release , published on July 1, the Singapore Police said that since January of this year, they have received more and more reports of attackers who conduct unauthorized transactions from the bank accounts of victims. It was especially noteworthy that the victims did not share their credentials from Internet banking, Singpass with anyone, and did not provide one-time passwords from SMS to anyone. How, then, did the scammers manage to pull off their murky schemes for so long?
As it turned out, the attackers used malware to compromise Android smartphones. The initial stage of infection was the response of the victim to various advertisements for such services as cleaning the premises, grooming animals or selling food.
Subsequently, the scammers instructed the victims to download a special application from an unofficial source for the convenience of purchasing services and obtaining additional privileges. However, of course, the downloaded apk file contained malicious code.
After the initial infection, the attackers additionally contacted the victims by phone or text messages, urging them to give the malicious application access to accessibility services on their smartphones. Their activation gave attackers almost complete control over the devices of their victims: logging keystrokes, stealing banking credentials, remote control, etc.
The police found that the hackers also used the bank accounts of hacked users as a transit point for money laundering, making transfers between dozens of accounts without the knowledge of the victims. The scammers also remotely destroyed any text messages and email notifications associated with fraudulent transfers to cover all traces of the attack.
The Singapore Police Force warns against clicking on suspicious links, scanning unknown QR codes, and even more so downloading apps from unreliable sources. Malware can harm your device, personal data and wallet. You should download any applications only from official sources, additionally checking the reviews of other users before installation, as well as the requested permissions after it.