New Scam Technique: APK file target on Android users to obtain victim details

KUALA LUMPUR: Police have detected a new modus operandi by online scammers who obtain their victims’ personal details through an SMS app to track their purchases and transfer money from them.

Federal commercial crime investigation department director Kamarudin Mohd Din said the downloaded SMS app will overwrite the victims’ default SMS application.

He said this strategy enables them to access the victims’ transaction authorisation code (TAC) sent via SMS, which will then be used to transfer money out from their bank accounts to a mule account.

At a media conference today, Kamarudin said five people have been cheated so far, with losses amounting to RM58,844.

He said the scammers, posing as sellers, would advertise their “products” on social media platforms such as Facebook.

“The potential victims who are interested would reach out to the ‘sellers’ through WhatsApp.

“The scammers will then send links for an android package kit (APK) for the buyers to download two apps on their phones. One app is a fake online shopping app and the other replaces the default SMS app,” he said.

Through the fake online shopping app, the scammers have access to details such as the victims’ identity card number, credit card numbers and online banking information.

After the buyers click the “Send” button on the transaction page in the app, the next page would display a “Page error”.

By then, he said, the scammers would have complete details of all that is necessary to access the victims’ bank accounts.

“The public should not download mobile applications through an APK file from an unknown source,” Kamarudin said.

He also reminded the public to always ensure the security of their SMS system to protect the TAC and one-time password (OTP) from being leaked.

Source: Free Malaysia Today

First, we should not click any link send by unknown third party. Second, we should always check the source of application from the App Store, Play Store or Huawei App Gallery before download it.