ABS warning after Singapore users hit by Android malware

SINGAPORE — The Association of Banks in Singapore (ABS) today (Dec 1) alerted mobile banking consumers to increasing cases of malicious software targeting Android smartphones that effectively lead to cyber criminals getting access to the bank details of consumers and subsequently making financial transactions on their behalf.

ABS warned of a specific malware that disguises itself as a software ­update for Android smartphones, or as a service for updating WhatsApp. In the latter, a pop-up advertisement encourages people to download a “new” version or risk losing access. ­After downloading the ­“update”, the application will then prompt them to ­input confidential ­information, such as credit card ­details, which could then be used fraudulently.

ABS noted that about 50 such incidents have so far been reported, with transactions ranging from a few hundred to several thousand dollars, particularly on deals to buy air tickets, some of which were traced back to their origins in Eastern Europe.

It said the reported victims are customers of major retail banks in Singapore.

“The number may not seem big, but it is a worrying trend and we are taking proactive steps to alert consumers. Banks are cautious about increased incidents of cybercrime affecting banking transactions and have adequately secured their systems. However, consumers continue to be the weak link and those with their smartphones compromised are particularly exposed to such fraud,” said Mrs Ong-Ang Ai Boon, director of ABS.

With banks pushing more apps for user convenience, Mrs Ong noted, smartphones are as susceptible to malware as desktop computers or laptops, and urged consumers to download ­applications only from trusted sources.

“Customers are required to prove that they took steps to protect their confidential banking information while claiming refunds,” she added, urging infected phone users not to do banking transactions on such phones and inform their banks if the security of their credit or debit cards has been compromised.

Singapore’s three local banks said they have multiple layers of ­security to ensure safe mobile banking. “We have very few ... customers who have been affected so far. We have taken every measure to safeguard ­mobile transactions … As a further proactive step, we have designed the new UOB Mighty app such that it cannot be launched on phones that are rooted, jailbroken or have malware,” said a UOB spokesperson.

A spokesperson for DBS/POSB said its customers are covered by the Money Safe Guarantee. “This means that DBS/POSB will reimburse money lost from our customers’ account as a result of an unauthorised transaction made from their online banking account. We also constantly monitor credit/debit card transactions in ­real time for any suspicious activities,” added the spokesperson. “So far we have seen low single-digit cases of possible malware infection on mobile devices. Nevertheless, it is important for online and mobile banking users to take precautions to safeguard their devices, access information and transactions,” said an OCBC spokesperson.

According to ABS, major banks in Singapore have seen a rise in mobile banking customers from 1.5 million in 2013 to 2.4 million in 2015.