SINGAPORE – From mooncakes to fish and Peking duck, unsuspecting victims had contacted “sellers” of various goods and services on social media platforms and were instructed to download a third-party app.

The downloaded malware allowed scammers to access their victims’ banking apps, increase their credit limits and siphon their money, all within just hours.

The Straits Times spoke to cyber-security experts to understand how one can protect their phone from malware, and whether it is still possible to shop online safely.

Q: Why are Android phone users mostly targeted by malware?

A: These users are commonly targeted due to the open nature of the Android operating system (OS) and its large market share, said cyber-security experts.

Cyber-security firm Kaspersky’s South-east Asia general manager Yeo Siang Tiong said the openness of the Android OS allows apps to be created and uploaded freely. Anyone can download these apps to their devices.

This open system allows cyber criminals to abuse the app marketplace to spread malicious apps.

Android phones also have a larger market share compared to Apple, making it a more attractive target for hackers to create and release malware, said Mr Yeo.

According to analytics site StatCounter, the Android mobile OS held the largest market share of 65.9 per cent in Singapore as at September.

Q: Are Apple users safe from malware?

A: Apple controls what apps are available on its App Store, reducing the need for an anti-virus, said Mr Yeo.

That said, Apple’s iOS is also susceptible to malware.

Cyber-security expert Chester Wisniewski from security firm Sophos said cyber criminals can trick iOS device users into installing a certificate that grants the attacker permission to download third-party apps.

Q: What information can such malware capture?

Mr Yeo said cyber criminals can access personal information and keystrokes stored on the device once a system is infected with malware. This includes access to mobile banking apps, mobile wallets, e-mails and corresponding two-factor authentication (2FA) and verification tools such as built-in camera for biometric verification.

He warned that cyber criminals can enable unauthorised transactions via the infected devices, or steal the data to complete fraudulent transactions at a later date.