SINGAPORE: “How can scammers control our phones and steal our money?” is a question that has become more pressing in the wake of staggering losses between January and August in Singapore. At least S$20 million was lost to malicious malware scams during this period. To shed light on these scams’ inner workings and to alert Android and iPhone users, the program Talking Point conducted an investigation, revealing the increasingly blurry line between security and vulnerability, as reported by CNA.
One victim, Junia Tan, saw an enticing deal online—a fried chicken dinner with free delivery, found on a Facebook ad. The catch? She had to download an app to complete her order, unwittingly inviting malicious software, or malware, into her phone. The danger lies in seemingly harmless apps. For instance, Talking Point discovered an app offering S$5 items. Users were prompted to log in to their bank accounts, enabling scammers to access their credentials. With malware’s reach, it can prompt a factory reset to mask unauthorized transactions.
How does Malware Work?
Malware infiltrates your phone when you click a link or download an app. Attackers implant features that eavesdrop or extract data. Verity Lim from NUS Greyhats, an information security group, gave an example stating, “A keylogger will monitor what you tap on your device’s keyboard, extracting your username and password as you enter them.” Some malware can also capture screenshots.
Malware scams in Singapore have primarily targeted Android phones. Android’s popularity compared to iPhones makes them an appealing target. Android’s open ecosystem allows third-party app installation, setting it apart from Apple’s closed system.
Google scans apps before allowing them in the Play Store, but some scammers exploit app updates. As billions of apps flood Google Play, it becomes a challenge to identify threats. Google employs Play Protect, which scans apps for malicious activity before and after download. However, controlling downloads from unofficial sources is complicated, as users grant permissions unknowingly.
The Looming Threat on iOS
Scammers have infiltrated Apple’s App Store, suggesting that iOS is not immune to threats. Attacks on iOS are expected to rise globally. These attacks are becoming more sophisticated, featuring zero-click attacks. Victims don’t need to click links; scammers infiltrate devices via emails, text messages, and phone calls.
How to Protect Yourself from Malware
In the face of these threats, experts offer essential advice:
- Heed Warnings: Take device warnings seriously and exercise caution with app downloads.
- Use Play Protect: Android users should conduct daily scans with Play Protect.
- Exercise Caution: Be vigilant about app sources, especially low download counts for popular apps.
- Two Devices: Isolate banking and social activities on separate devices to minimize risk.
- Stay Informed: Keep updated on the latest scams and threats. Consider a factory reset as a last resort if your device becomes infected.
Awareness and vigilance are our best defence against malware attacks. Staying informed and cautious is crucial to safety from digital threats.