The suspects allegedly facilitated a series of scams by sharing banking credentials and Singpass information for monetary gain.
SINGAPORE: In a major crackdown on banking-related malware scams, authorities in Singapore have arrested 11 men and one woman, ranging in age from 17 to 40, for their involvement in facilitating a series of cybercrimes. The arrests followed an island-wide enforcement operation conducted between October 9 and October 20.
The coordinated operation was a joint effort by the Commercial Affairs Department (CAD) and Police Intelligence Department (PID), leading to the apprehension of the 12 suspects. Preliminary investigations suggest that these individuals played a pivotal role in the scams by relinquishing their bank accounts, Internet banking credentials, and/or Singpass credentials in exchange for monetary compensation.
The surge in such scams began in early 2023, with reports of malware targeting Android mobile devices. These malicious programs led to unauthorized transactions from victims’ bank accounts, even when they had not directly shared their banking details. Victims often responded to seemingly legitimate advertisements on social media platforms such as Facebook, which promoted services like cleaning, pet grooming, or food products. The ads instructed victims to download Android Package Kits (APKs) from unofficial app stores, inadvertently installing malware on their devices.
Once the malware was installed, scammers contacted victims by phone or text, coercing them into enabling accessibility features on their Android devices. This weakened the security of the devices and allowed the scammers to gain full control, logging every keystroke and stealing stored banking information. With remote access, scammers could manipulate victims’ banking apps, add money mules as payees, adjust payment limits, and transfer funds, all while erasing transaction notifications to cover their tracks.
The suspects will face various charges, including acquiring benefits from criminal conduct under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992, which carries a penalty of up to 10 years in prison, a fine of up to $500,000, or both. Other charges relate to the disclosure of bank account details and Singpass credentials under the Penal Code and the Computer Misuse Act, with potential sentences ranging from fines to years of imprisonment.
The police have issued a public advisory urging individuals to be cautious when using mobile apps. They advise against clicking on suspicious links, scanning unknown QR codes, or downloading apps from third-party websites, as these could contain malware. To protect their devices, individuals are encouraged to adjust their security settings and refrain from installing apps from unknown sources.
The police remain committed to combating cybercrime and will continue to enforce strict actions against those who engage in illegal activities. The public is also urged to reject any offers to use their personal accounts for money transfers on behalf of others, which could make them complicit in these crimes.
For more information on scams, individuals can visit www.scamalert.sg or contact the Anti-Scam Helpline at 1800-722-6688. Those with information about these scams can reach the Police Hotline at 1800-255-0000 or submit details online at www.police.gov.sg/iwitness.
