KUALA LUMPUR – Two men involved in malware scams against Singaporeans since June 2023 have been extradited from Malaysia and are set to be charged today.
Preliminary investigations reveal that the men, aged 26 and 47, allegedly operated servers to infect victims’ Android mobile phones with a malicious app, which they then used to control the phones, according to a statement from Singapore police yesterday.
The app allowed the scammers to alter the contents of the victims’ phones and access their bank accounts, The Straits Times reported.
In 2023, victims in Singapore lost at least SG$34.1 million (RM118.9 million) across at least 1,899 incidents due to downloading malware onto their phones.
According to the report, scammers tricked the victims into installing the apps, which allowed them to remotely access the devices and steal sensitive information, including personal data and banking credentials.
The stolen information was then used to perform fraudulent transactions on the victims’ banking accounts.
Upon analysis of victims’ reports, the Singapore police force (SPF) found that the individuals involved in these malware-enabled scams might be operating in a few jurisdictions.
A joint multi-jurisdiction investigation team, led by the SPF and including the Hong Kong police force and the Royal Malaysia Police, was then formed in November 2023.
“Over the course of the next seven months, the joint investigation team unravelled the complex web of criminal activity and online infrastructure hosting the malware,” said the police.
SPF established the identities of the two men believed to be part of the syndicate responsible for the malware-enabled scams and traced their location to Malaysia.
They were arrested in Malaysia on June 12, and handed over to SPF on June 14.
During the investigations, SPF also shared information with the Taiwan police, leading to the successful takedown of a syndicate operating a fraudulent customer service centre in Kaohsiung City.
Four individuals were arrested on May 15, and assets, including cryptocurrency and real estate, amounting to a total value of approximately US$1.33 million (S$1.8 million), were seized.
In Hong Kong, 52 malware-controlling servers were taken down and 14 money mules who had allegedly facilitated the scam cases were arrested by the Hong Kong police.
SPF’s deputy director of the criminal investigation department Paul Tay said: “The arrest of these malware operators and dismantling of scam infrastructure demonstrates the resolve of the SPF in fighting scams.
“SPF will spare no effort to go after criminals, even those who operate beyond our borders. We will continue to work with our foreign law enforcement partners to bring these criminals to justice.”
The two men will be charged with the unauthorised modification of computer material. If found guilty, an offender can be jailed for up to seven years, fined up to SG$50,000, or both.
The 47-year-old man will also be charged with acquiring benefits from criminal conduct. If found guilty, he can be jailed for up to 10 years, fined up to SG$500,000, or both. – June 15, 2024