Android Malware Scam in Singapore: 128+ Cases, S$2.4M Lost — How APK Files Drain Your Bank Account
Since February 2025, a wave of Android malware scams has swept across Singapore. Over 128 cases have been reported, with victims losing a combined S$2.4 million. The Singapore Police Force (SPF) issued an advisory in April 2025, warning the public about malicious APK files that can empty your bank account in minutes.
Here is everything you need to know to stay safe.
How the Android Malware Scam Works
The attack follows a predictable sequence:
- The Bait — You encounter a link to download an app. It might come from a fake ad on Facebook or Google, a phishing SMS, a fake government or utility app, or a QR code leading to an APK download.
- The Install — You download an APK file (Android Package) from outside the Google Play Store. The app looks legitimate — it might mimic a government service, a delivery tracker, or an antivirus tool.
- The Permissions — The app requests accessibility permissions. Once granted, the malware can read everything on your screen, including banking credentials.
- The Theft — The malware silently monitors your banking apps (DBS digibank, OCBC app, UOB TMRW) and captures your login details, OTPs, and transaction approvals. Your account is drained without you noticing.
Distribution Channels
| Channel | Example |
|---|---|
| Fake ads | Facebook/Google ads for "free" apps or services |
| Phishing SMS | Messages claiming missed delivery or unpaid bill |
| Fake government apps | Fake SingPass or CPF apps |
| QR codes | Physical QR codes in public places leading to APK downloads |
| Messaging apps | Links shared via WhatsApp or Telegram groups |
Which Banking Apps Are Targeted
The malware specifically targets Singapore's major banking applications:
- DBS digibank — Singapore's largest bank
- OCBC Digital — Including PayAnyone and business banking
- UOB TMRW — UOB's mobile banking app
Once the malware captures your credentials, attackers can transfer funds, change passwords, and lock you out of your own account.
Signs Your Phone May Be Infected
Watch for these symptoms:
- Phone overheating for no apparent reason
- Battery draining unusually fast
- Unfamiliar apps appearing on your phone
- Unexplained transactions in your bank account
- Phone running slowly or crashing frequently
- Pop-up ads appearing outside of apps
How to Protect Yourself
Prevention
| Do | Do Not |
|---|---|
| Only download apps from Google Play Store or Apple App Store | Install APK files from unknown sources |
| Keep your Android OS updated | Ignore system update notifications |
| Enable Google Play Protect | Grant accessibility permissions to unknown apps |
| Review app permissions regularly | Click on links in unexpected SMS messages |
| Use strong, unique passwords for banking apps | Download apps promoted in unsolicited ads |
If You Think You Are Infected
Follow these steps immediately:
- Switch to airplane mode — This cuts off the malware's connection to the attackers
- Contact your bank — Call the bank's fraud hotline directly (do not use the compromised phone to look up the number)
- Factory reset your phone — This is the only reliable way to remove the malware
- Change all passwords — Do this from a different, clean device
- File a police report — Report to SPF
- Monitor your accounts — Watch for unauthorized transactions for the next several weeks
Safe Link Sharing
One of the common attack vectors is suspicious download links shared through messaging apps. If someone sends you a link to download a file, be extremely cautious. For sharing important documents or links securely, use a service like LOCK.PUB where links are password-protected and you can verify the sender's intent before accessing the content.
Bank Emergency Hotlines
| Bank | Fraud Hotline |
|---|---|
| DBS | 1800-339-6963 |
| OCBC | 1800-363-3333 |
| UOB | 1800-222-2121 |
What Makes This Scam Different
Unlike traditional phishing that tricks you into entering credentials on a fake website, this malware operates silently in the background. You might use your real banking app normally while the malware captures everything. The accessibility permissions give the malware the same level of access as a screen reader, meaning it can see every tap, every password, and every OTP.
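A triage check for the accessibility abuse described above, added here as an example and not taken from the SPF advisory or from this article's author: it lists apps that hold an enabled accessibility service but were not installed by Google Play. The two `adb` commands named in the comments are standard Android tooling; the sample outputs and the `com.example.*` package names are constructed.

```python
import re

# Installer package names treated as trusted (Google Play only, as an assumption).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.parceltracker/.SyncService"
)

# Constructed sample of: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.parceltracker  installer=null
package:com.example.notes  installer=com.android.vending
"""

def parse_a11y_services(raw):
    """Return the packages that own an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":  # the setting prints "null" when unset
        return set()
    # Entries are colon-separated "package/ServiceClass" component names.
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}

def parse_installers(raw):
    """Map each package to its recorded installer (None if sideloaded/unknown)."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", raw, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def sideloaded_a11y(a11y_raw, packages_raw):
    """Packages with an enabled accessibility service and no trusted installer."""
    installers = parse_installers(packages_raw)
    return sorted(
        pkg for pkg in parse_a11y_services(a11y_raw)
        if installers.get(pkg) not in TRUSTED_INSTALLERS
    )

if __name__ == "__main__":
    for pkg in sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print("review:", pkg)
```

Preloaded system accessibility services also report no Play installer, so treat the output as a list to review rather than a verdict.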
Key Takeaways
- Never install APK files from sources outside the official app stores
- If a deal or app seems too good to be true, it probably is
- Keep Google Play Protect enabled at all times
- Be suspicious of any link that asks you to download an app directly
- Share files and links through trusted, secure channels like LOCK.PUB instead of clicking unknown download links
- If infected, switch to airplane mode immediately and contact your bank from a different phone