Summary: This article discusses the use of dozens of servers to distribute malicious Android apps by a cybercrime group in Asia, resulting in a $25 million fraud scheme.
Threat Actor: Cybercrime group | cybercrime group
Victim: Android users | Android users
Key Point :
- A cybercrime group in Asia used multiple servers to distribute malicious Android apps.
- The group was involved in a $25 million fraud scheme.
- The Singapore Police Force arrested a cybercrime ringleader from Malaysia in connection with the case.
Fraud Management & Cybercrime
,
Geo Focus: Asia
,
Geo-Specific
Hackers Used Dozens of Servers to Distribute Malicious Android Apps
A Singapore police-led law enforcement operation dismantled a regional cybercrime ring that carried out malware-enabled scams to steal tens of millions of dollars from victims since 2023.
See Also: A Matrix on Behavioral Biometrics and Device Fingerprinting
The Singapore Police Force said Friday that it worked with law enforcement authorities from Malaysia, Hong Kong and Taiwan to dismantle an organized cybercrime group that operated across jurisdictions and used malicious Android applications to remotely access victims’ mobile devices and empty their bank accounts.
The cybercrime group victimized 1,899 victims in Singapore and stole up to $25 million from their bank accounts in 2023, the SPF said. The police agency coordinated a seven-month joint investigation, dubbed Operation DISTANTHILL, with the Royal Malaysia Police and the Hong Kong Police Force and extradited two Malaysian nationals who played major roles in the criminal enterprise.
Cybersecurity company Group-IB assisted law enforcement authorities during their investigation, said the criminal group often disguised malicious Android applications as e-commerce applications that offered special prices for goods and food items. The group distributed these applications by using dozens of servers to spray phishing emails to unsuspecting victims.
After a victim granted permission to a malicious app, the remote access Trojan would employ keyloggers and screen capture to copy personal data, passwords and other sensitive information. The Trojan also intercepted one-time passwords sent by financial institutions.
“Operating discreetly in the background, it persists even after the Android device is rebooted. The same Trojan has been advertised as a malware-as-a-service scheme, which has also claimed victims in different parts of the world, including the Middle East and Europe,” Group-IB said.
The firm found that the cybercrime ring used about 250 phishing web pages and more than 50 servers in Malaysia to defraud more than 4,000 victims across Southeast Asia. The Hong Kong police took down 52 servers belonging to the criminal enterprise and arrested 14 people who facilitated the scam by handing over their bank accounts to criminals in exchange for money.
The Taiwan police as part of Operation DISTANTHILL arrested four individuals who ran a fake customer service center in Kaohsiung City, Taiwan, to distribute the malicious applications to customers and make unauthorized transactions from their bank accounts. Police recovered $1.33 million in money and cryptocurrency assets from the alleged criminals.
The Singapore Police Force said the two individuals extradited from Malaysia face up to seven years in prison or a fine of up to S$50,000 or both.
Source: https://www.bankinfosecurity.com/police-dismantle-asian-crime-ring-behind-25m-android-fraud-a-25541
“An interesting youtube video that may be related to the article above”