20.5k unique visitors in the last 3 days

Two Men Extradited from Malaysia to Singapore over Android Malware Bank Account Thefts

A 7-month investigation also led to arrests in Hong Kong and the closure of a scam call center in Taiwan.

The Singapore Police Force (SPF) announced last week the arrest in neighboring Malaysia of two suspected Android malware scammers (pictured) who were transferred to their custody two days later. The men are believed to have operated servers that infected Android phones with malware that compromised the security of the devices, with the result that accomplices were able to gain control of the bank accounts of victims and drain them of money. There were 1,899 cases of malware-enabled crimes of this type recorded in Singapore during 2023, at a collective cost of SGD34.1mn (USD25.2mn) to victims.

The methods used by the criminals will be familiar to risk professionals who have paid attention to the convergence of telecoms and banking scams. To begin with, scammers fool unsuspecting members of the public into downloading malicious apps to their phones. These apps give the scammers remote access which allows them to further reconfigure the phone’s security settings. Ultimately, scammers can gain visibility of a victim’s messages, log passwords typed into the phone, overlay browser windows with phishing sites, and spy on victims through the phone’s camera and microphone. Compromised personal data is then used to take control of a victim’s bank account.

A 7-month investigation jointly run by the SPF, the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP) was able to identify the malware servers alleged to have been operated by the two men. They were arrested by the RMP on June 12. Meanwhile, HKPF took 52 malware-controlling servers offline and arrested 14 money mules working for the same criminal syndicate.

Information shared with the Taiwan Police also allowed them to shut down a scam customer service compound in Kaohsiung City, southern Taiwan, during May. The Taiwanese authorities seized assets collectively worth USD1.33mn during the raid, including real estate and cryptocurrency.

You can see the full press release from the Singapore Police here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email