Scammers using Android malware tricked about 2,000 people, losing at least S$34.1 million in 2023
In 2023, nearly 2,000 victims in Singapore fell prey to Android malware scams, resulting in at least S$34.1 million lost. The prevalence of malware-enabled scams, particularly targeting Android devices, highlights the importance of cybersecurity measures and user awareness to protect against such threats. Authorities and financial institutions continue to implement measures to mitigate these scams and reduce the financial losses incurred by victims.
Scammers using Android malware tricked about 2,000 people, losing at least S$34.1 million in 2023
In 2023, Singapore witnessed approximately 1,899 cases of Android malware scams, resulting in at least S$34.1 million (US$23.3 million) in losses. While the numbers declined towards the end of the year due to proactive measures by authorities and banks, the incidents underscore the ongoing challenges posed by malware-enabled scams targeting Android mobile devices.
Vigilance and cybersecurity awareness remain crucial to mitigate the impact of such scams on individuals and financial institutions.
The annual scams and cybercrime brief released by the Singapore Police Force reveals a continued rise in overall scam numbers, with particular concern regarding Android malware scams in 2023. The number of cases surged during the first half of the year, prompting public advisories by government agencies.
While there were more than 750 cases in the first half, the numbers for the third quarter rose to 933 before significantly dropping to 279 in the fourth quarter. Malware-enabled scams targeted individuals aged 30 to 49, with scammers predominantly using Facebook and Instagram for contact. Vigilance remains crucial to counteract such threats.
Count of fraud incidents made possible by malware
| Q1 2023 | 162 |
| Q2 | 525 |
| Q3 | 933 |
| Q4 | 279 |
Scammers employ deceptive tactics to trick Android users into installing malicious apps, and gaining unauthorized access to victims’ devices. Once infiltrated, they pilfer sensitive information for fraudulent transactions, including the theft of funds such as Central Provident Fund (CPF) savings.
Singapore Police Force (SPF) noted that victims often respond to advertised services, such as home cleaning or pet grooming, on social media platforms like WhatsApp. Scammers send victims a web link, ostensibly for payment, which prompts them to download an Android Package Kit file containing malware. Vigilance and caution are crucial to avoid falling victim to such schemes.
Fraudsters executing Android malware scams exploited victims by acquiring internet banking credentials or card details. Subsequently, victims encountered unauthorized transactions on their bank accounts or cards. In response to these threats, the Singapore Police Force (SPF) conducted numerous operations in 2023, resulting in over 140 arrests.
Legal actions were taken against more than 30 individuals, charged with offenses like disclosing Singpass credentials and conspiring to deceive a bank into opening an account. Authorities continue efforts to combat these cyber threats and safeguard individuals from falling prey to such scams.
Anti Malware Measures
In response to the surge in Android malware scams, various measures were implemented in Singapore. OCBC took a pioneering step in August by blocking certain customers from using internet and mobile banking apps when potentially risky apps from unofficial sources were detected. Although the move faced criticism initially, it prevented 276 customers from losing S$38.8 million.
The bank’s approach involved customer reports of suspicious app downloads, observed anomalies on their devices, or losses from other banks due to malware-enabled scams. These initiatives contribute to enhancing cybersecurity and protecting users from financial fraud.
Banks in Singapore responded to the Android malware scam surge by upgrading their apps with anti-malware features. The introduction of a money lock feature by local banks like DBS, OCBC, and UOB also contributed to safeguarding funds.
As of January, over 49,000 money lock accounts have been created, setting aside more than S$4.2 billion. The money lock feature prevents digital transfers of the reserved funds. OCBC customers, unlike those with DBS and UOB, don’t need to create new accounts for this feature. Efforts to enhance anti-malware measures continue, with a focus on evolving scammer tactics.
