Extradited Malaysians Linked to Mobile Malware and Phishing Campaigns

18 Jun 2024

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into downloading malicious apps onto their Android devices via phishing campaigns with the aim of stealing their personal data and banking credentials. The stolen information was subsequently used to initiate fraudulent transactions on the victims' banking accounts, resulting in financial losses.

Investigation and Syndicate Link

Following a seven-month-long investigation that was launched in November 2023 in partnership with the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), the SPF said it found evidence linking the two men to a syndicate responsible for carrying out malware-enabled scams. "The two men [...] allegedly operated servers for the purposes of infecting victims' Android mobile phones with a malicious Android Package Kit (APK) app, and subsequently controlling the phones," the law enforcement agency said.

Malicious Apps and Remote Access

Singapore-headquartered Group-IB said the apps "were often disguised as offering special prices for goods and food items," and that the trojans harbored features to gather a wide range of information. "Once installed and necessary permissions granted, the RAT allows threat actors remote control over the Android device, enabling them to capture sensitive personal data and passwords using its keylogger and screen capture functions," the company said.

Legal Consequences and Seizures

One of the suspects faces a prison term of up to seven years, a fine of $50,000, or both, while the other party is liable to pay a penalty of up to $100,000, an imprisonment term of up to 10 years, or both. Assets, including cryptocurrency and real estate amounting to a total value of approximately $1.33 million, were seized from the arrested individuals.

Operation DISTANTHILL and International Arrests

A total of 16 cyber criminals have been apprehended in connection with the law enforcement effort, which has been codenamed Operation DISTANTHILL. More than 4,000 victims are estimated to have been defrauded as part of the scams. Separately, in connection with the multi-jurisdiction operation, the Taiwan Police have arrested four other people who are suspected to have used a similar method to make unauthorized transfers from victims' bank accounts.

Dark Web Marketplace Charges

The development comes as the U.S. Justice Department (DoJ) charged two men, Thomas Pavey and Raheim Hamilton, for operating a dark web marketplace called Empire Market that made it possible for thousands of vendors and buyers to anonymously trade more than $200 million in illegal goods and services between February 2018 and August 2020. The marketplace was launched in the aftermath of the shutdown of AlphaBay, and no fewer than 4 million transactions were carried out during the two-year time period it was operational. Investigators also seized cash, precious metals, and more than $1 million worth of cryptocurrency from the pair, prosecutors said.

Update: 18 Jun 2024