CarderPlanet
Professional
A group of attackers used malicious Android applications to steal credentials and steal funds.
In Singapore, a successful police operation was recently carried out, as a result of which 13 people were detained suspected of involvement in bank fraud. Among the detainees were also a 16-year-old teenager and several young girls.
It is reported that the detained accomplices of the fraudulent operation provided experienced attackers with their bank accounts, Internet banking credentials and Singpass credentials for a monetary reward. These accounts and accounts were used to redirect the stolen money and launder it in a peculiar way. Part of the group was also involved in cashing out the received funds. The exact number of victims of fraudsters is still unknown.
In a press release issued on July 1, the Singapore Police Department said that since January of this year, it has received more and more reports of intruders who conduct unauthorized transactions from victims ' bank accounts. It was particularly noteworthy that the victims did not share their Internet banking credentials with anyone, Singpass, and did not share one-time SMS passwords with anyone. How, then, did the scammers manage to turn their murky schemes around for so long?
As it turned out, the attackers used malware to compromise Android smartphones. The initial stage of infection was the victim's response to various ads for services such as cleaning rooms, grooming animals, or selling food.
Subsequently, the scammers instructed victims to download a special application from an unofficial source for the convenience of purchasing services and obtaining additional privileges. However, of course, the downloaded apk file contained malicious code.
After the initial infection, the attackers additionally contacted the victims by phone or via text messages, convincing them to give the malicious app access to accessibility services on their smartphones. Their activation gave attackers almost complete control over the devices of their victims: logging keystrokes, stealing bank credentials, remote management, etc.
Police found that hackers also used the bank accounts of hacked users as a transit point for money laundering, making transfers between dozens of accounts without the victims knowledge. Fraudsters also remotely destroyed any text messages and email notifications related to fraudulent transfers to cover up all traces of the attack.
Singapore Police warns: don't click on suspicious links, scan unknown QR codes, or download apps from unreliable sources. Malicious programs can harm your device, personal data, and wallet. You should only download any apps from official sources, and additionally check other users ' reviews before installing them, as well as the requested permissions after installation.
In Singapore, a successful police operation was recently carried out, as a result of which 13 people were detained suspected of involvement in bank fraud. Among the detainees were also a 16-year-old teenager and several young girls.
It is reported that the detained accomplices of the fraudulent operation provided experienced attackers with their bank accounts, Internet banking credentials and Singpass credentials for a monetary reward. These accounts and accounts were used to redirect the stolen money and launder it in a peculiar way. Part of the group was also involved in cashing out the received funds. The exact number of victims of fraudsters is still unknown.
In a press release issued on July 1, the Singapore Police Department said that since January of this year, it has received more and more reports of intruders who conduct unauthorized transactions from victims ' bank accounts. It was particularly noteworthy that the victims did not share their Internet banking credentials with anyone, Singpass, and did not share one-time SMS passwords with anyone. How, then, did the scammers manage to turn their murky schemes around for so long?
As it turned out, the attackers used malware to compromise Android smartphones. The initial stage of infection was the victim's response to various ads for services such as cleaning rooms, grooming animals, or selling food.
Subsequently, the scammers instructed victims to download a special application from an unofficial source for the convenience of purchasing services and obtaining additional privileges. However, of course, the downloaded apk file contained malicious code.
After the initial infection, the attackers additionally contacted the victims by phone or via text messages, convincing them to give the malicious app access to accessibility services on their smartphones. Their activation gave attackers almost complete control over the devices of their victims: logging keystrokes, stealing bank credentials, remote management, etc.
Police found that hackers also used the bank accounts of hacked users as a transit point for money laundering, making transfers between dozens of accounts without the victims knowledge. Fraudsters also remotely destroyed any text messages and email notifications related to fraudulent transfers to cover up all traces of the attack.
Singapore Police warns: don't click on suspicious links, scan unknown QR codes, or download apps from unreliable sources. Malicious programs can harm your device, personal data, and wallet. You should only download any apps from official sources, and additionally check other users ' reviews before installing them, as well as the requested permissions after installation.
