Banking Trojan Operation Busted in Singapore, 13 People Arrested

Singapore law enforcement arrested 13 people related to the development and deployment of malware designed to steal banking information on Android devices.

Unfortunately, we rarely see people arrested in connection to these malware attacks. Since many of the operations are conducted from abroad and rarely in relevant jurisdictions, criminals remain unknown and uncaught.

That wasn’t the case in Singapore, where police found the ones allegedly responsible for the attacks. Their tactics were the same as everywhere else. Persuade people to download and install malware on their Android devices, steal their banking info, and even transfer money without any hindrance.

“Since January 2023, the Police have received increasing reports informing that malware was used to compromise Android mobile devices, resulting in unauthorised transactions made from the victims’ bank accounts even though they did not divulge their Internet banking credentials, One-Time-Passwords (OTPs) or Singpass credentials to anyone,” said the Singapore Police Force in a press release.

“Preliminary investigations revealed that seven men and two women, aged between 19 and 27, and the 16-year-old youth, had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and or disclosing Singpass credentials for monetary gains,” the police added.

To get to the mony, the operations also used “mules” to get to the money, or people designated to withdraw funds from bank accounts. The attackers disguised their malicious apps behind ads posted on various social networks for cleaning services, pet grooming, seafood, groceries, and more.

Interestingly, installing the malware wasn’t enough. They would contact the victims, usually by phone, and persuade them to turn on accessibility services, which granted them complete access to devices.

Attackers would log every keystroke and steal banking credentials stored in phones. This allowed the scammer to remotely log in to the victims’ banking apps, add money mules as payees, raise payment limits, and transfer funds to money mules. Finally, they would delete SMS messages and notifications that could have alerted victims.