Some 50 Android phone users hit by malware targeting mobile banking users

Posed photo of an Android enabled smartphone.
Posed photo of an Android enabled smartphone.PHOTO: BLOOMBERG

SINGAPORE - The Association of Banks in Singapore (ABS) has issued a warning against a software update for messaging app WhatsApp, not initiated by the app maker, that is targeting mobile banking customers here.

Malicious malware hidden in the update has infected about 50 Android smartphone users over the past three months, ABS said in a briefing on Tuesday (Dec 1) morning.

This is the first time that ABS has received reports of fraud from mobile banking users.

Even though the scale of the infection was small, it decided to issue the warning as it expects the number of mobile banking customers to increase over time, and thus provide a larger target base for cybercriminals.

"Criminals have been targeting computer users. But now, criminals have turned to targeting Android phone users... as banks are pushing out more banking apps for user convenience," said Mrs Ong-Ang Ai Boon, director of ABS.

The victims are customers of major retail banks in Singapore, she added. Refunds may be made on a case-by-case basis, but customers must prove that they took steps to protect their confidential banking information.

The victims were prompted via a pop-up window to perform an update for WhatsApp or their battery management module, among others, while surfing some virus-infected websites.


Screenshot from an infected Android phone. 
PHOTO: ASSOCIATION OF BANKS IN SINGAPORE  


Screenshot from an infected Android phone. 
PHOTO: ASSOCIATION OF BANKS IN SINGAPORE  

After clicking on the link in the pop-up window, users were prompted to enter their credit card details. Once the details were entered, the malware took control of the smartphone and intercepted the one-time password (OTP) sent via SMS to the phone for making fraudulent online transactions.

Some users have lost up to several thousand dollars from multiple transactions, which appear to originate in Eastern Europe, she added. Items purchased include airline tickets.

ABS urged users of infected phones to stop performing any banking transactions on their phones.

Depending on the extent of the infection, users may need to reset their phones to factory settings to remove the malware.

Users should also inform their banks if they believe that the security of their credit cards has been compromised.