Singapore Police Extradites Malaysians Linked to Android Malware Fraud

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023.

The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into downloading malicious apps onto their Android devices via phishing campaigns with the aim of stealing their personal data and banking credentials.

The stolen information was subsequently used to initiate fraudulent transactions on the victims’ banking accounts, resulting in financial losses.

Following a seven-month-long investigation that was launched in November 2023 in partnership with the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), the SPF said it found evidence linking the two men to a syndicate responsible for carrying out malware-enabled scams.

“The two men […] allegedly operated servers for the purposes of infecting victims’ Android mobile phones with a malicious Android Package Kit (APK) app, and subsequently controlling the phones,” the law enforcement agency said.

“The malicious APK app enabled the scammers to modify the contents of the victims’ mobile phones, which facilitated the subsequent compromise of the victims’ bank accounts.”

Singapore-headquartered Group-IB said the apps “were often disguised as offering special prices for goods and food items,” and that the trojans harbored features to gather a wide range of information.

“Once installed and necessary permissions granted, the RAT allows threat actors remote control over the Android device, enabling them to capture sensitive personal data and passwords using its keylogger and screen capture functions,” the company said.

“The RAT allowed threat actors to monitor SMS, containing one-time passwords (OTP) sent by financial organizations as a second factor authentication. Furthermore, the RAT facilitated real-time geolocation tracking of the device and its user. Operating discreetly in the background, it persists even after the Android device is rebooted.”

One of the suspects faces a prison term of up to seven years, a fine of $50,000, or both, while the other party is liable to pay a penalty of up to $500,000, an imprisonment term of up to 10 years, or both.

Separately, in connection with the multi-jurisdiction operation, the Taiwan Police have arrested four other people who are suspected to have used a similar to make unauthorized transfers from victims’ bank accounts.

“Assets, including cryptocurrency and real estate amounting to a total value of approximately $1.33 million, were seized from the arrested individuals,” the SPF said.

A total of 16 cyber criminals have been apprehended in connection with the law enforcement effort, which has been codenamed Operation DISTANTHILL. More than 4,000 victims are estimated to have been defrauded as part of the scams.

The development comes as the U.S. Justice Department (DoJ) charged two men, Thomas Pavey and Raheim Hamilton, for operating a dark web marketplace called Empire Market that made it possible for thousands of vendors and buyers to anonymously trade more than $430 million in illegal goods and services between February 2018 and August 2020.

“Vendors on Empire Market offered to sell various illicit goods and services, including controlled substances such as heroin, methamphetamine, cocaine, and LSD, as well as counterfeit currency and stolen credit card information,” the DoJ said, citing a superseding indictment announced last week.

“After transactions were completed using cryptocurrency, buyers could review and rate their purchases on multiple criteria, including ‘stealth.’”

Empire Market was launched in the aftermath of the shutdown of AlphaBay, and no less than 4 million transactions were carried out during the two-year time period the marketplace was operational. Investigators also seized cash, precious metals, and more than $75 million worth of cryptocurrency from the pair, prosecutors said.

 The Hacker News 
