The Singapore Police Force (SPF) has reported the extradition of two Malaysian nationals accused of orchestrating a scheme involving mobile malware aimed at Singaporean citizens since June 2023.
The two individuals, aged 26 and 47, allegedly ran phishing campaigns that lured unsuspecting users into downloading malicious applications onto their Android devices. Their goal was to steal personal data and banking credentials, then use this information to carry out unauthorized transactions that led to financial losses.
After a thorough investigation spanning seven months, which commenced in November 2023 in collaboration with the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), the SPF uncovered evidence linking the suspects to a syndicate responsible for executing scams using malware.
According to the law enforcement agency, “The two men purportedly managed servers to distribute a malicious Android Package Kit (APK) app, which infected victims’ Android phones, enabling the perpetrators to manipulate the devices and compromise bank accounts.”
Group-IB, headquartered in Singapore, disclosed that these apps were often disguised as offering special discounts on various goods and food items. The trojans included functionality designed to collect extensive personal information.
“Once installed with necessary permissions, the Remote Access Trojan (RAT) allowed remote control of the Android devices by threat actors, facilitating the extraction of sensitive data and passwords using its keylogging and screen capture capabilities,” stated the company.
“The RAT enabled monitoring of SMS messages, including one-time passwords (OTP) sent by financial institutions for additional security. Additionally, it allowed real-time tracking of device location and user activities, operating stealthily even after device reboots.”
One suspect faces potential imprisonment for up to seven years and/or a fine of $50,000, while the other could face penalties of up to $500,000 and imprisonment for up to ten years.
Additionally, as part of a multi-jurisdictional operation, Taiwan Police have apprehended four other suspects accused of engaging in similar unauthorized transfers from victims’ bank accounts. Assets valued at approximately $1.33 million, including cryptocurrency and real estate, were seized from these individuals.
Operation DISTANTHILL, as the enforcement effort has been named, has led to the arrest of 16 cyber criminals involved in defrauding over 4,000 victims.
This development coincides with charges filed by the U.S. Justice Department against Thomas Pavey and Raheim Hamilton for operating Empire Market, a dark web marketplace that facilitated more than $430 million in transactions for illegal goods and services between February 2018 and August 2020.
“The marketplace hosted vendors selling illicit substances such as heroin, methamphetamine, cocaine, and LSD, along with counterfeit currency and stolen credit card information,” according to the DoJ.
Following the shutdown of AlphaBay, Empire Market conducted at least 4 million transactions over its operational period. Cash, precious metals, and over $75 million worth of cryptocurrency were seized from the accused individuals.