KUALA LUMPUR (THE STAR/ASIA NEWS NETWORK) - The Malaysian police have discovered a new tactic by scammers to steal money from victims' bank accounts through an Android Package (APK) download.

Federal Commercial Crime Investigation Department director Mohd Kamarudin Md Din said scammers could hack into a victim's phone after gaining access through an APK file downloaded by victims who "purchased" items online.

He said scammers would advertise items for sale on social media so that those who were interested would contact the "sellers" via WhatsApp.

"They will be instructed to download and install on their mobile phones an APK file link containing a fake application.

"The application will then take over the buyer's existing SMS system, and the buyer has to register and fill in personal and banking details before they can use the application.

"After pressing the 'send' button, an error message will be shown as the application is not linked to any legitimate banking sites," Datuk Mohd Kamarudin said at a press conference on Thursday (Feb 10).

Mr Mohd Kamarudin said the process was merely to give scammers access to the content of the buyer's SMS and banking details.

"With enough information, the scammers can transfer money from the buyer's account without their knowledge," he said.

He said the police have detected five such cases so far, with losses amounting to RM58,844 (S$18,900).

"Three of the cases were detected in Johor, while one each was reported in Penang and Sabah," said Mr Mohd Kamarudin.

He advised the public not to download APK files sent to their mobile phones by unknown people.

"Don't ever install APK applications from illegitimate sources. The safety of the phone SMS system must always be protected as it will receive an OTP (one-time password) from various applications installed on mobile phones.

"Don't ever install SMS applications from untrustworthy sources," he added.